CVE-2017-18883: Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider

May 24, 2022 (updated December 5, 2025)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.

References

github.com/advisories/GHSA-w8cc-3h7q-jhc3
github.com/mattermost/mattermost
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2017-18883

Code Behaviors & Features

Detect and mitigate CVE-2017-18883 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →