PT-2020-8430 · Mattermost · Mattermost Server

Published

2020-06-19

Updated

2025-12-15

CVE-2017-18884

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.3.0 Mattermost Server version 4.2.1 Mattermost Server version 4.1.2

Description: An issue was discovered in Mattermost Server that allows attackers to gain privileges by using a registered OAuth application with personal access tokens.

Recommendations: For Mattermost Server versions prior to 4.3.0, update to version 4.3.0 or later. For Mattermost Server version 4.2.1, update to version 4.3.0 or later. For Mattermost Server version 4.1.2, update to version 4.3.0 or later. As a temporary workaround, consider restricting the use of registered OAuth applications with personal access tokens until a patch is available.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2017-18884

GHSA-876J-JFQF-M7J7

GO-2025-4197

SUSE-SU-2025:4395-1

Affected Products

Mattermost Server

PT-2020-8430 · Mattermost · Mattermost Server

CVE-2017-18884

Weakness Enumeration

Related Identifiers

Affected Products

References · 46