CVE

CVE-2017-18884

Mattermost Server exposes OAuth personal access tokens to attackers

CVE

CVE-2017-18884

Mattermost Server exposes OAuth personal access tokens to attackers

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

8.1

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.1

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2017-18884, https://mattermost.com/security-updates

Severity

8.1

CVSS Score

Basic Information

Ecosystem

Base CVSS

8.1

EPSS Probability

0.00209%

EPSS Percentile

0.43239%

Introduced Version

0,v4.1.0+incompatible,v4.2.0-rc1,v0.0.0-20170731165932-59992ae4a463,v3.7.0+incompatible,v0.0.0-20170313122956-8b0eedbbcd47,v0.0.0-20170216144655-f87d42916f1e,v0.0.0-20170130133002-c01d9ad6cf3f,v0.5.0,v0.0.0-20150615075332-56e74239d6b3

Fix Available

4.1.2,v4.1.2-rc1+incompatible,v4.2.1+incompatible,v0.0.0-20171004150456-e05edf85cfc0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2017-18884

CVE-2017-18884

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

8.1

Basic Information

Fix Critical Vulnerabilities Instantly