{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "4.3.4" }, { "introduced": "4.4.0" }, { "fixed": "4.4.5" }, { "introduced": "0" }, { "last_affected": "4.5.0-rc1" }, { "introduced": "0" }, { "last_affected": "4.5.0-rc2" }, { "introduced": "0" }, { "last_affected": "4.5.0-rc3" }, { "introduced": "0" }, { "last_affected": "4.5.0-rc4" } ] }, "events": [ { "introduced": "0" }, { "fixed": "8f6bb1570dd234c63de5241eff9fbb268aad358c" }, { "introduced": "a0017f184578d4d6250a9b54b50e656524078949" }, { "fixed": "3890bc7079bf21330efdc45ae2741a4392d99e3c" }, { "introduced": "0" }, { "last_affected": "5358b9c42cc99f72e7844062f28b2ddc3642a339" }, { "introduced": "0" }, { "last_affected": "03f5c939deb4a6ab2fd01639b5570799e4118bab" }, { "introduced": "0" }, { "last_affected": "03f5c939deb4a6ab2fd01639b5570799e4118bab" }, { "introduced": "0" }, { "last_affected": "03f5c939deb4a6ab2fd01639b5570799e4118bab" } ], "repo": "https://github.com/mattermost/mattermost-server", "type": "GIT" } ] } ], "details": "An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.", "id": "CVE-2017-18870", "modified": "2026-03-13T21:54:55.304717960Z", "published": "2020-06-19T17:15:11.787Z", "references": [ { "type": "ADVISORY", "url": "https://mattermost.com/security-updates/" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "type": "CVSS_V3" } ] }