CVE-2017-18902
published 2020-06-19CVE-2017-18902: An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 3.10.3 | 3.10.3 |
| github.com | mattermost_mattermost-server | >= 0 < 3.10.3+incompatible | 3.10.3+incompatible |
| github.com | mattermost_mattermost-server | >= 4.0.0 < 4.0.4 | 4.0.4 |
| github.com | mattermost_mattermost-server | >= 4.0.0+incompatible < 4.0.4+incompatible | 4.0.4+incompatible |
| github.com | mattermost_mattermost-server | >= 4.0.5-rc1 < 4.1.0 | 4.1.0 |
| github.com | mattermost_mattermost-server | >= 4.0.5-rc1+incompatible < 4.1.0+incompatible | 4.1.0+incompatible |
| mattermost | mattermost_server | < 3.10.3 | 3.10.3 |
| mattermost | mattermost_server | >= 4.0.0 < 4.0.4 | 4.0.4 |