cbcvebase.
CVE-2017-18885
published 2020-06-19

CVE-2017-18885: An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.

Affected

9 ranges
VendorProductVersion rangeFixed in
github.commattermost_mattermost-server>= 0 < 4.1.2+incompatible4.1.2+incompatible
github.commattermost_mattermost-server>= 0 < 4.1.24.1.2
github.commattermost_mattermost-server>= 4.2.0-rc1 < 4.2.14.2.1
github.commattermost_mattermost-server>= 4.2.0-rc1+incompatible < 4.2.1+incompatible4.2.1+incompatible
github.commattermost_mattermost-server>= 4.3.0-rc1 < 4.3.04.3.0
github.commattermost_mattermost-server>= 4.3.0-rc1+incompatible < 4.3.0+incompatible4.3.0+incompatible
mattermostmattermost_server< 4.1.24.1.2
mattermostmattermost_server
mattermostmattermost_server>= 4.2.0 < 4.2.14.2.1
CVE-2017-18885 — Improper Privilege Management | cvebase