CVE-2017-18870
published 2020-06-19CVE-2017-18870: An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost_server | < 4.3.4 | 4.3.4 |
| mattermost | mattermost_server | — | — |
| mattermost | mattermost_server | >= 4.4.0 < 4.4.5 | 4.4.5 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
osv4.3MEDIUM