CVE-2017-18914

MEDIUM

Mattermost Server before 3.8.2, 3.7.5, and 3.6.7 - Open Redirect


Description

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://mattermost.com/security-updates/

Scores

CVSS v3 5.3
EPSS 0.0024
EPSS Percentile 47.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-754
Status published
Products (1)
mattermost/mattermost_server < 3.6.7
Published Jun 19, 2020
Tracked Since Feb 18, 2026