An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
View Full Alert
Related Posts
CVE-2017-18870 (mattermost_server)An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. View Full Alert
CVE-2017-18878 (mattermost_server)An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session. View Full Alert
CVE-2017-18872 (mattermost_server)An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. View Full…
