CVE-2017-18908: Mattermost Server password reset email requests can be sent to attacker-provided email addresses
An issue was discovered in Mattermost Server before 4.0.0, 3.10.1, and 3.9.1. A password reset request was sometimes sent to an attacker-provided e-mail address.
References
- github.com/advisories/GHSA-34cx-hvm4-vx7j
- github.com/mattermost/mattermost
- github.com/mattermost/mattermost/commit/59139390ae927af2e879dbacfe4dadb1adac97c0
- github.com/mattermost/mattermost/commit/d3bc11be3acd3a73e6358d958b91427e2584ea71
- github.com/mattermost/mattermost/commit/e5065cf7575ee05c040945a4b00b7fd90bf39b83
- mattermost.com/security-updates
- nvd.nist.gov/vuln/detail/CVE-2017-18908