CVE-2017-18873
Published 2020-06-19
CVE-2017-18873: An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a…
Priority: P4 · 21 · medium · 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 1.11% (61.8th percentile)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 4.1.2-0.20171013141717-ee57a5829ab1+incompatible | 4.1.2-0.20171013141717-ee57a5829ab1+incompatible |
| github.com | mattermost_mattermost-server | >= 0 < 4.1.2-0.20171013141717-ee57a5829ab1 | 4.1.2-0.20171013141717-ee57a5829ab1 |
| github.com | mattermost_mattermost-server | >= 4.2.0 < 4.2.1-0.20171013140502-b3e4b0ac9168 | 4.2.1-0.20171013140502-b3e4b0ac9168 |
| github.com | mattermost_mattermost-server | >= 4.2.0+incompatible < 4.2.1-0.20171013140502-b3e4b0ac9168+incompatible | 4.2.1-0.20171013140502-b3e4b0ac9168+incompatible |
| github.com | mattermost_mattermost-server | >= 4.3.0-rc1 < 4.3.0 | 4.3.0 |
| github.com | mattermost_mattermost-server | >= 4.3.0-rc1+incompatible < 4.3.0+incompatible | 4.3.0+incompatible |
| jasper_project | jasper | >= 0 < 1.900.1-debian1-2.4ubuntu1.3 | 1.900.1-debian1-2.4ubuntu1.3 |
| mattermost | mattermost_server | < 4.1.2 | 4.1.2 |
| mattermost | mattermost_server | — | — |
| mattermost | mattermost_server | >= 4.2.0 < 4.2.1 | 4.2.1 |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.5 MEDIUM
OSV
Mattermost Server is vulnerable to channel invisibility DoS via misformatted post in github.com/mattermost/mattermost-server
osv·2026-02-26
CVE-2017-18873 Mattermost Server is vulnerable to channel invisibility DoS via misformatted post in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to channel invisibility DoS via misformatted post in github.com/mattermost/mattermost-server.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/mattermost/mattermost-server before v4.1.2-0.20171013141717-ee57a5829ab1, before v4.2.1-0.20171013140502-b3e4b0ac9168.
GHSA
Mattermost Server is vulnerable to channel invisibility DoS via misformatted post
ghsa·2022-05-24
CVE-2017-18873 [MEDIUM] CWE-20 Mattermost Server is vulnerable to channel invisibility DoS via misformatted post
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
OSV
Mattermost Server is vulnerable to channel invisibility DoS via misformatted post
osv·2022-05-24
CVE-2017-18873 [MEDIUM] Mattermost Server is vulnerable to channel invisibility DoS via misformatted post
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
OSV
jasper vulnerabilities
osv·2021-01-11·CVSS 5.5
CVE-2018-18873 jasper vulnerabilities
It was discovered that Jasper incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash.
(CVE-2018-18873)
It was discovered that Jasper incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-19542)
It was discovered that Jasper incorrectly handled certain JPC encoders.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-27828)
It was discovered that Jasper incorrectly handled certain images.
An attacker could possibly use this issue to expose sensitive information
or cause a crash.
(CVE-2017-9782)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-06-19