PT-2022-37853 — Insufficient Session Expiration in Go Github.Com/Mattermost/Mattermost-Server

PT-2022-37853 · Go · Github.Com/Mattermost/Mattermost-Server

Published

2022-05-24

Updated

2022-05-24

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

GHSA-G24C-FX4V-XG9W

Affected Products

Github.Com/Mattermost/Mattermost-Server

PT-2022-37853 · Go · Github.Com/Mattermost/Mattermost-Server

Weakness Enumeration

Related Identifiers

Affected Products

References · 7