Description
Mattermost Server has Insufficient Session Expiration when used as an OAuth 2.0 service provider
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-18905
- https://github.com/mattermost/mattermost/commit/15ad24d160cb4604d0605ebbfa53d11a57820706
- https://github.com/mattermost/mattermost/commit/b17fca0d5ee7557e3df1cf1d1da8bd749859e35f
- https://github.com/mattermost/mattermost/commit/fbc170733e86f09b46ba754dd03304733d2f482f
- https://mattermost.com/security-updates
Packages
- Name: github.com/mattermost/mattermost-server (go)
  Affected versions: < 3.9.2
  Fixed version: 3.9.2
- Name: github.com/mattermost/mattermost-server (go)
  Affected versions: >= 3.10.0, < 3.10.2
  Fixed version: 3.10.2
Related vulnerabilities
CVSS3: 5.3
nvd
more than 5 years ago
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled.
CVSS3: 5.3
debian
more than 5 years ago
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...