CVE-2017-18918

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-18918

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18918.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-18918

Aliases

GHSA-5ghq-28r7-qwfj

Published

2020-06-19T20:15:12.587Z

Modified

2026-02-17T07:04:19.522473Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost
Events: Introduced

17b4842dd382d87008f2d0cd2f721474cf4fe65b

Fixed

ef6531fe152d1b63280875439626a38048f75f25

Introduced

8568afe5b4fb4d26b14fbc0d21f088eaa490b314

Fixed

2419a542483452575a88324203a10584c3a8261c

Affected versions

Other

cloud-2022-07-20-1

cloud-2022-08-10-1

cloud-2022-09-08-1

cloud-2022-10-06-1

cloud-2022-11-11-1

cloud-2022-11-24-1

preview-v0.*

preview-v0.1

server/public/v0.*

server/public/v0.0.10

server/public/v0.0.11

server/public/v0.0.12

server/public/v0.0.13

server/public/v0.0.14

server/public/v0.0.15

server/public/v0.0.16

server/public/v0.0.17

server/public/v0.0.18

server/public/v0.0.5

server/public/v0.0.6

server/public/v0.0.7

server/public/v0.0.8

server/public/v0.0.9

server/public/v0.1.0

server/public/v0.1.1

server/public/v0.1.10

server/public/v0.1.11

server/public/v0.1.12

server/public/v0.1.13

server/public/v0.1.14

server/public/v0.1.15

server/public/v0.1.16

server/public/v0.1.17

server/public/v0.1.18

server/public/v0.1.19

server/public/v0.1.2

server/public/v0.1.20

server/public/v0.1.21

server/public/v0.1.22

server/public/v0.1.3

server/public/v0.1.4

server/public/v0.1.5

server/public/v0.1.6

server/public/v0.1.7

server/public/v0.1.8

server/public/v0.1.9

server/public/v0.2.0

v3.*

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.8.0

v4.*

v4.0.0

v4.0.1

v4.1.0

v4.10.0

v4.10.0-rc1

v4.10.0-rc2

v4.10.0-rc3

v4.10.0-rc4

v4.10.0-rc5

v4.2.0-rc1

v4.3.0

v4.3.0-rc1

v4.3.0-rc2

v4.3.0-rc3

v4.3.0-rc4

v4.4.0

v4.4.0-rc1

v4.4.0-rc2

v4.4.0-rc3

v4.4.0-rc4

v4.4.0-rc5

v4.5.0

v4.5.0-rc1

v4.5.0-rc2

v4.5.0-rc3

v4.5.0-rc4

v4.5.1

v4.5.1-rc1

v4.5.2

v4.5.2-rc1

v4.6.0

v4.6.0-rc1

v4.6.0-rc2

v4.6.0-rc3

v4.6.0-rc4

v4.6.0-rc5

v4.6.0-rc6

v4.7.0

v4.7.0-rc1

v4.7.0-rc2

v4.7.0-rc3

v4.7.0-rc4

v4.7.1

v4.7.1-rc1

v4.7.2

v4.7.2-rc1

v4.7.2-rc2

v4.7.2-rc3

v4.7.3

v4.7.3-rc1

v4.8.0

v4.8.0-rc1

v4.8.0-rc2

v4.8.0-rc3

v4.8.0-rc4

v4.8.0-rc5

v4.8.0-rc6

v4.9.0

v4.9.0-rc1

v4.9.0-rc2

v4.9.0-rc3

v4.9.0-rc4

v4.9.0-rc5

v4.9.0-rc6

v5.*

v5.0.0

v5.0.0-rc1

v5.0.0-rc2

v5.0.0-rc3

v5.0.0-rc4

v5.0.0-rc5

v5.0.0-rc6

v5.0.0-rc7

v5.0.1

v5.0.1-rc1

v5.1.0

v5.1.0-rc1

v5.1.0-rc2

v5.1.0-rc3

v5.1.0-rc4

v5.2.0

v5.2.0-rc1

v5.2.0-rc2

v5.2.0-rc3

v5.2.0-rc4

v5.2.0-rc5

v5.2.0-rc6

v5.2.1

v5.2.1-rc1

v5.3.0

v5.3.0-rc1

v5.3.0-rc2

v5.3.0-rc3

v5.3.0-rc4

v5.3.0-rc5

v5.3.1

v5.3.1-rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18918.json"