CVE-2017-18897

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.2.0 Mattermost Server version 4.1.1 Mattermost Server version 4.0.5

Description: The issue concerns Mattermost Server when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.

Recommendations: For versions prior to 4.2.0, update to version 4.2.0 or later. For version 4.1.1, update to version 4.2.0 or later. For version 4.0.5, update to version 4.2.0 or later.