CVE-2017-18883: An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for…

critical9.1CVSS 3.1

AVNACLPRNUINSUCHIHAN

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
github.com	mattermost_mattermost-server	>= 0 < 4.1.2+incompatible	4.1.2+incompatible
github.com	mattermost_mattermost-server	>= 0 < 4.1.2	4.1.2
github.com	mattermost_mattermost-server	>= 4.2.0-rc1 < 4.2.1	4.2.1
github.com	mattermost_mattermost-server	>= 4.2.0-rc1+incompatible < 4.2.1+incompatible	4.2.1+incompatible
github.com	mattermost_mattermost-server	>= 4.3.0-rc1 < 4.3.0	4.3.0
github.com	mattermost_mattermost-server	>= 4.3.0-rc1+incompatible < 4.3.0+incompatible	4.3.0+incompatible
mattermost	mattermost_server	< 4.1.2	4.1.2
mattermost	mattermost_server	—	—
mattermost	mattermost_server	>= 4.2.0 < 4.2.1	4.2.1