CVE-2017-18903Cross-Site Request Forgery in Mattermost Mattermost-server

CWE-352Cross-Site Request Forgery5 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 61.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Mattermost Mattermost-serverMattermost Server
Timeline
PublishedJun 19
Latest updateFeb 26

Description

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDmattermost/mattermost_server3.10.03.10.2+1
Gogithub.com/mattermost_mattermost-server3.10.0-rc13.10.2+3

🔴Vulnerability Details

4
OSV
Mattermost Server vulnerable to CSRF if CORS is enabled in github.com/mattermost/mattermost-server2026-02-26
OSV
Mattermost Server vulnerable to CSRF if CORS is enabled2022-05-24
GHSA
Mattermost Server vulnerable to CSRF if CORS is enabled2022-05-24
CVEList
CVE-2017-18903: An issue was discovered in Mattermost Server before 42020-06-19
CVE-2017-18903 — Cross-Site Request Forgery | cvebase