CVE-2017-18872

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-18872

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18872.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-18872

Aliases

Downstream

openSUSE-SU-2025:15710-1

Related

openSUSE-SU-2025:15710-1

Published

2020-06-19T18:15:10.537Z

Modified

2026-03-12T22:31:42.113054Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost-server

Events

Introduced

Fixed

8f6bb1570dd234c63de5241eff9fbb268aad358c

Introduced

a0017f184578d4d6250a9b54b50e656524078949

Fixed

753386c2b2b06233d8bd977e3db29a4fe18098cb

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.3.3"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.3"
        }
    ]
}

Affected versions

v4.*

v4.4.0

v4.4.0-rc4

v4.4.0-rc5

v4.4.1

v4.4.1-rc1

v4.4.2

v4.4.2-rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18872.json"