CVE-2017-18918
First published: Fri Jun 19 2020(Updated: )
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost Server | >=3.6.0<3.6.5 | |
| Mattermost Mattermost Server | >=3.7.0<3.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in Mattermost Server?
The vulnerability ID for this issue in Mattermost Server is CVE-2017-18918.
What is the severity of CVE-2017-18918?
The severity of CVE-2017-18918 is medium with a severity value of 4.9.
How does the vulnerability in Mattermost Server affect the software?
The vulnerability in Mattermost Server allows a System Administrator to place a SAML certificate at an arbitrary pathname.
Which versions of Mattermost Server are affected by this vulnerability?
The versions of Mattermost Server affected by this vulnerability are between 3.6.0 and 3.6.5, as well as between 3.7.0 and 3.7.3.
How can I fix the vulnerability in Mattermost Server?
To fix the vulnerability in Mattermost Server, update to version 3.6.5 or 3.7.3.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mattermost
- canonical/mattermost mattermost server
- version/mattermost mattermost server/3.6.0
- version/mattermost mattermost server/3.7.0