Description
Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
Packages
Name
github.com/mattermost/mattermost-server
go
Affected versions: < 4.3.3
Fixed version: 4.3.3
Name
github.com/mattermost/mattermost-server
go
Affected versions: >= 4.4.0-rc1, < 4.4.3
Fixed version: 4.4.3
Related vulnerabilities
CVSS3: 4.3
nvd
more than 5 years ago
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
CVSS3: 4.3
debian
more than 5 years ago
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. A ...