#VU34211 Improper Certificate Validation in Mattermost Server - CVE-2017-18909

 


Published: June 19, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34211
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-18909
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Mattermost Server
Software vendor: Mattermost, Inc.

Description

The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.

An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.


Remediation

Install the update from the vendor's website.

External links