CVE-2017-18891: Mattermost Server does not safeguard against phishing via error page links

May 24, 2022 (updated January 12, 2026)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.

References

github.com/advisories/GHSA-vrh2-rprg-rgc6
github.com/mattermost/mattermost
github.com/mattermost/mattermost/pull/7378
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2017-18891

Code Behaviors & Features

Detect and mitigate CVE-2017-18891 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →