An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
Advisories
| Source | ID | Title |
|---|---|---|
| EUVD | EUVD-2017-9962 | An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. |
| GitHub GHSA | GHSA-hgrp-fgm8-56g8 | Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://mattermost.com/security-updates/ | |
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T21:37:44.288Z
Reserved: 2020-06-19T00:00:00.000Z
Link: CVE-2017-18872
No data.
Status: Modified
Published: 2020-06-19T18:15:10.537
Modified: 2024-11-21T03:21:08.777
Link: CVE-2017-18872
No data.
OpenCVE Enrichment
No data.