Session Invalidation Mishandling in Mattermost Server

Session Invalidation Mishandling in Mattermost Server

CVE-2017-18905 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.

Learn more about our Cis Benchmark Audit For Server Software.