API Endpoint Access Control Bypass in Mattermost Server
CVE-2017-18916 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
Learn more about our Cis Benchmark Audit For Server Software.