CVE-2017-18896Incorrect Permission Assignment in Mattermost Mattermost-server

CWE-732Incorrect Permission Assignment5 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 58.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Mattermost Mattermost-serverMattermost Server
Timeline
PublishedJun 19
Latest updateJan 13

Description

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDmattermost/mattermost_server4.1.04.1.1+2
Gogithub.com/mattermost_mattermost-server4.1.0+incompatible4.1.1+incompatible+5

🔴Vulnerability Details

4
OSV
Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint in github.com/mattermost/mattermost-server2026-01-13
OSV
Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint2022-05-24
GHSA
Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint2022-05-24
CVEList
CVE-2017-18896: An issue was discovered in Mattermost Server before 42020-06-19
CVE-2017-18896 — Incorrect Permission Assignment | cvebase