CVE-2017-18885: Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials

May 24, 2022 (updated December 5, 2025)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user’s behalf.

References

github.com/advisories/GHSA-g78f-6xq7-rrhq
github.com/mattermost/mattermost
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2017-18885

Code Behaviors & Features

Detect and mitigate CVE-2017-18885 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →