CVE-2017-18897Open Redirect in Mattermost Mattermost-server

CWE-601Open Redirect5 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 58.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Mattermost Mattermost-serverMattermost Server
Timeline
PublishedJun 19
Latest updateJan 13

Description

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDmattermost/mattermost_server4.1.04.1.1+2

🔴Vulnerability Details

4
OSV
Mattermost Server mishandles redirect denial action in github.com/mattermost/mattermost-server2026-01-13
OSV
Mattermost Server mishandles redirect denial action2022-05-24
GHSA
Mattermost Server mishandles redirect denial action2022-05-24
CVEList
CVE-2017-18897: An issue was discovered in Mattermost Server before 42020-06-19
CVE-2017-18897 — Open Redirect | cvebase