Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider

GHSA-w8cc-3h7q-jhc3 · CVE-2017-18883 · GO-2025-4198

Published May 24, 2022 · Modified Dec 9, 2025

Description

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-18883
PACKAGE https://github.com/mattermost/mattermost
WEB https://mattermost.com/security-updates

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes