CVE-2016-11076
published 2020-06-19CVE-2016-11076: An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
PriorityP425medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.87%
54.4th percentile
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 3.0.0 | 3.0.0 |
| github.com | mattermost_mattermost-server | >= 0 < 3.0.0+incompatible | 3.0.0+incompatible |
| mattermost | mattermost_server | < 3.0.0 | 3.0.0 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server
osv·2025-10-30
CVE-2016-11076 Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server
Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server
Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server
OSV
Mattermost Server does not check if cookies are used over SSL
osv·2022-05-24
CVE-2016-11076 [HIGH] Mattermost Server does not check if cookies are used over SSL
Mattermost Server does not check if cookies are used over SSL
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
GHSA
Mattermost Server does not check if cookies are used over SSL
ghsa·2022-05-24
CVE-2016-11076 [HIGH] CWE-295 Mattermost Server does not check if cookies are used over SSL
Mattermost Server does not check if cookies are used over SSL
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-06-19
Published