CVE-2017-18912
CRITICALMattermost Server <3.8.2-3.6.7 - Path Traversal
Title source: llmDescription
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.
References (1)
Scores
CVSS v3
9.8
EPSS
0.0073
EPSS Percentile
72.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-22
Status
published
Affected Products (2)
mattermost/mattermost_server
< 3.6.7
mattermost/mattermost-server
< 3.7.4-0.20170404171331-0b5c0794fdcbGo
Timeline
Published
Jun 19, 2020
Tracked Since
Feb 18, 2026