cbcvebase.
CVE-2017-18908
published 2020-06-19

CVE-2017-18908: An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address.

Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| github.com | mattermost_mattermost-server | >= 0 < 3.9.1-rc1+incompatible | 3.9.1-rc1+incompatible |
| github.com | mattermost_mattermost-server | >= 0 < 3.9.1-rc1 | 3.9.1-rc1 |
| github.com | mattermost_mattermost-server | >= 3.10.0 < 3.10.1 | 3.10.1 |
| github.com | mattermost_mattermost-server | >= 3.10.0+incompatible < 3.10.1+incompatible | 3.10.1+incompatible |
| mattermost | mattermost_server | < 3.9.2 | 3.9.2 |
| mattermost | mattermost_server | >= 3.10.0 < 3.10.2 | 3.10.2 |