CVE-2017-18872

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-18872

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18872.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-18872

Aliases

Published

2020-06-19T18:15:10.537Z

Modified

2026-02-03T20:57:36.469022Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Introduced

a0017f184578d4d6250a9b54b50e656524078949

Fixed

753386c2b2b06233d8bd977e3db29a4fe18098cb

Fixed

8f6bb1570dd234c63de5241eff9fbb268aad358c

Affected versions

v4.*

v4.4.0

v4.4.0-rc4

v4.4.0-rc5

v4.4.1

v4.4.1-rc1

v4.4.2

v4.4.2-rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18872.json"