CVE-2017-18912: Mattermost Server allows an attacker to specify a full pathname of a log file

May 24, 2022 (updated February 12, 2026)

An issue was discovered in Mattermost Server before 3.7.5. It allows an attacker to specify a full pathname of a log file.

References

github.com/advisories/GHSA-m2ch-x2q7-2284
github.com/mattermost/mattermost
github.com/mattermost/mattermost/commit/0b5c0794fdcbb551c1233dcdfbdf5c7deb585fd6
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2017-18912

Code Behaviors & Features

Detect and mitigate CVE-2017-18912 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →