An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
2020-06-19T19:15:10.310
2024-11-21T03:21:10.410
Modified
CVSSv3.1: 9.1 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:N
10.0
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mattermost | mattermost_server | < 4.1.2 | Yes |
| Application | mattermost | mattermost_server | < 4.2.1 | Yes |
| Application | mattermost | mattermost_server | 4.3.0 | Yes |
| Application | mattermost | mattermost_server | 4.3.0 | Yes |
| Application | mattermost | mattermost_server | 4.3.0 | Yes |
| Application | mattermost | mattermost_server | 4.3.0 | Yes |