First published: Fri Jun 19 2020(Updated: )
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost Server | <3.6.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2017-18920.
The severity of the vulnerability is rated as critical with a CVSS score of 9.8.
The affected software is Mattermost Server before version 3.6.2.
The vulnerability allows an attacker to bypass the Same Origin Policy and potentially perform unauthorized actions.
To fix this vulnerability, update your Mattermost Server to version 3.6.2 or later.