CVE-2017-18873 — Improper Input Validation in Mattermost Mattermost-server

CWE-20 — Improper Input Validation6 documents4 sources

Severity

5.3MEDIUMNVD

OSV5.5

EPSS

0.4%

top 40.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost-server Mattermost Server Jasper Project Jasper

Timeline

PublishedJun 19

Latest updateFeb 26

Description

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDmattermost/mattermost_server4.2.0 — 4.2.1+2

▶Gogithub.com/mattermost_mattermost-server4.2.0+incompatible — 4.2.1-0.20171013140502-b3e4b0ac9168+incompatible+5

▶Ubuntujasper_project/jasper< 1.900.1-debian1-2.4ubuntu1.3

🔴Vulnerability Details

OSV

Mattermost Server is vulnerable to channel invisibility DoS via misformatted post in github.com/mattermost/mattermost-server↗2026-02-26

▶

GHSA

Mattermost Server is vulnerable to channel invisibility DoS via misformatted post↗2022-05-24

▶

OSV

Mattermost Server is vulnerable to channel invisibility DoS via misformatted post↗2022-05-24

▶

OSV

jasper vulnerabilities↗2021-01-11

▶

CVEList

CVE-2017-18873: An issue was discovered in Mattermost Server before 4↗2020-06-19

▶