API Endpoint Access Control Bypass in Mattermost Server

CVE-2017-18916 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
