Description
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2017-9962 | An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. |
 Github GHSA |
GHSA-hgrp-fgm8-56g8 | Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization |
References
| Link | Providers |
|---|---|
| https://mattermost.com/security-updates/ |
|
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T21:37:44.288Z
Reserved: 2020-06-19T00:00:00.000Z
Link: CVE-2017-18872
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-19T18:15:10.537
Modified: 2024-11-21T03:21:08.777
Link: CVE-2017-18872
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses