An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
View Full Alert
Related Posts
CVE-2017-18870 (mattermost_server)An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. View Full Alert
CVE-2017-18878 (mattermost_server)An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session. View Full Alert
CVE-2017-18872 (mattermost_server)An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. View Full…
