PT-2020-8416 · Mattermost · Mattermost Server

Published

2020-06-19

·

Updated

2025-12-15

·

CVE-2017-18870

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.5.0 Mattermost Server version 4.4.5 Mattermost Server version 4.3.4
Description: The issue concerns the mishandling of webhook access control in the EnableOnlyAdminIntegrations case.
Recommendations: For versions prior to 4.5.0, update to version 4.5.0 or later. For version 4.4.5, update to version 4.5.0 or later. For version 4.3.4, update to version 4.5.0 or later.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2017-18870
GHSA-9J9J-MM2R-9RFM
GO-2025-4183
SUSE-SU-2025:4395-1

Affected Products

Mattermost Server