cbcvebase.
CVE-2017-18911
published 2020-06-19

CVE-2017-18911: An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.

critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.

Affected

9 ranges
VendorProductVersion rangeFixed in
github.commattermost_mattermost-server>= 0 < 3.6.7-rc13.6.7-rc1
github.commattermost_mattermost-server>= 0 < 3.6.7-rc1+incompatible3.6.7-rc1+incompatible
github.commattermost_mattermost-server>= 3.7.0 < 3.7.53.7.5
github.commattermost_mattermost-server>= 3.7.0+incompatible < 3.7.5+incompatible3.7.5+incompatible
github.commattermost_mattermost-server>= 3.8.0 < 3.8.23.8.2
github.commattermost_mattermost-server>= 3.8.0+incompatible < 3.8.2+incompatible3.8.2+incompatible
mattermostmattermost_server< 3.6.73.6.7
mattermostmattermost_server>= 3.7.0 < 3.7.53.7.5
mattermostmattermost_server>= 3.8.0 < 3.8.23.8.2
CVE-2017-18911 — Improper Certificate Validation | cvebase