PT-2020-8455 · Mattermost · Mattermost Server
Published
2020-06-19
·
Updated
2026-03-03
·
CVE-2017-18909
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Mattermost Server versions prior to 3.9.0
Description:
An issue was discovered when SAML is used, where encryption and signature verification are not mandatory.
Recommendations:
For versions prior to 3.9.0, update to version 3.9.0 or later to resolve the issue.
Fix
Missing Encryption of Sensitive Data
Improper Verification of Cryptographic Signature
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mattermost Server