CVE-2017-18909

Description

Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/mattermost/mattermost-server before v3.8.1-0.20170504181128-4f074fed0d65.

Affected packages (2)

• Go/github.com/mattermost/mattermost-serverfrom 0, < 3.8.1-0.20170504181128-4f074fed0d65
• Go/github.com/mattermost/mattermost-serverfrom 0

CVSS scores

References (5)

• ADVISORYhttps://github.com/advisories/GHSA-r6j5-fqx9-7qv9
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-18909
• PATCHhttps://github.com/mattermost/mattermost
• WEBhttps://github.com/mattermost/mattermost/commit/4f074fed0d653a28779ac586e418341232d43e95
• WEBhttps://mattermost.com/security-updates