PT-2022-10683 · Mattermost · Mattermost Boards Plugin

Hagai Wechsler · Published 2022-01-18 · Updated 2022-02-03 · CVE-2021-37866

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Mattermost Boards plugin versions 0.10.0 and earlier
Description: The issue allows an attacker to reuse an old session token for authorization because the session is not properly invalidated on the server side when a user logs out of Boards.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability in Mattermost Boards plugin versions 0.10.0 and earlier.

Exploit

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

CVE-2021-37866

Affected Products

Mattermost Boards Plugin