[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-18896":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":548,"aliases":549,"duplicate_of":9,"upstream":552,"downstream":553,"duplicates":556,"related":557,"reserved_at":9,"published_at":559,"modified_at":560,"state":561,"summary":562,"references_raw":571,"kevs":610,"epss":611,"epss_history":614,"metrics":876,"affected":888},"CVE-2017-18896","An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-732","Incorrect Permission Assignment for Critical Resource","The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.","weakness","Draft","Class","High",[20,68,222,256,298,320,333,337,498,502,506],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[24],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.010","Services File Permissions Weakness",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,58,63],{"id":45,"name":46,"tactic":47},"D3-SWI","Software Inventory",{"name":48},"Model",{"id":50,"name":51,"tactic":52},"D3-AVE","Asset Vulnerability Enumeration",{"name":48},{"id":54,"name":55,"tactic":56},"D3-SBV","Service Binary Verification",{"name":57},"Detect",{"id":59,"name":60,"tactic":61},"D3-SU","Software Update",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-RS","Restore Software",{"name":67},"Restore",{"id":69,"name":70,"techniques":71},"CAPEC-122","Privilege Abuse",[72],{"id":73,"name":74,"tactics":75,"countermeasures":78},"T1548","Abuse Elevation Control Mechanism",[76,77],{"id":35,"name":36},{"id":32,"name":33},[79,83,87,91,95,99,103,107,111,115,119,123,127,131,136,140,145,149,153,157,161,165,169,173,177,181,186,190,194,198,202,206,210,214,218],{"id":80,"name":81,"tactic":82},"D3-CI","Configuration Inventory",{"name":48},{"id":84,"name":85,"tactic":86},"D3-AM","Access Modeling",{"name":48},{"id":88,"name":89,"tactic":90},"D3-DI","Data Inventory",{"name":48},{"id":92,"name":93,"tactic":94},"D3-NTPM","Network Traffic Policy Mapping",{"name":48},{"id":96,"name":97,"tactic":98},"D3-AEM","Application Exception Monitoring",{"name":57},{"id":100,"name":101,"tactic":102},"D3-SCA","System Call Analysis",{"name":57},{"id":104,"name":105,"tactic":106},"D3-SFA","System File Analysis",{"name":57},{"id":108,"name":109,"tactic":110},"D3-FA","File Analysis",{"name":57},{"id":112,"name":113,"tactic":114},"D3-FIM","File Integrity Monitoring",{"name":57},{"id":116,"name":117,"tactic":118},"D3-OPM","Operational Process Monitoring",{"name":57},{"id":120,"name":121,"tactic":122},"D3-DA","Dynamic Analysis",{"name":57},{"id":124,"name":125,"tactic":126},"D3-EFA","Emulated File Analysis",{"name":57},{"id":128,"name":129,"tactic":130},"D3-PSA","Process Spawn Analysis",{"name":57},{"id":132,"name":133,"tactic":134},"D3-FEV","File Eviction",{"name":135},"Evict",{"id":137,"name":138,"tactic":139},"D3-AL","Account Locking",{"name":135},{"id":141,"name":142,"tactic":143},"D3-DF","Decoy File",{"name":144},"Deceive",{"id":146,"name":147,"tactic":148},"D3-FE","File Encryption",{"name":62},{"id":150,"name":151,"tactic":152},"D3-AA","Agent Authentication",{"name":62},{"id":154,"name":155,"tactic":156},"D3-CDP","Change Default Password",{"name":62},{"id":158,"name":159,"tactic":160},"D3-SCP","System Configuration Permissions",{"name":62},{"id":162,"name":163,"tactic":164},"D3-RC","Restore Configuration",{"name":67},{"id":166,"name":167,"tactic":168},"D3-RF","Restore File",{"name":67},{"id":170,"name":171,"tactic":172},"D3-ULA","Unlock Account",{"name":67},{"id":174,"name":175,"tactic":176},"D3-RUAA","Restore User Account Access",{"name":67},{"id":178,"name":179,"tactic":180},"D3-RD","Restore Database",{"name":67},{"id":182,"name":183,"tactic":184},"D3-SCF","System Call Filtering",{"name":185},"Isolate",{"id":187,"name":188,"tactic":189},"D3-CF","Content Filtering",{"name":185},{"id":191,"name":192,"tactic":193},"D3-LFP","Local File Permissions",{"name":185},{"id":195,"name":196,"tactic":197},"D3-RFAM","Remote File Access Mediation",{"name":185},{"id":199,"name":200,"tactic":201},"D3-CQ","Content Quarantine",{"name":185},{"id":203,"name":204,"tactic":205},"D3-CM","Content Modification",{"name":185},{"id":207,"name":208,"tactic":209},"D3-UAP","User Account Permissions",{"name":185},{"id":211,"name":212,"tactic":213},"D3-EAL","Executable Allowlisting",{"name":185},{"id":215,"name":216,"tactic":217},"D3-EDL","Executable Denylisting",{"name":185},{"id":219,"name":220,"tactic":221},"D3-HBPI","Hardware-based Process Isolation",{"name":185},{"id":223,"name":224,"techniques":225},"CAPEC-127","Directory Indexing",[226],{"id":227,"name":228,"tactics":229,"countermeasures":233},"T1083","File and Directory Discovery",[230],{"id":231,"name":232},"TA0102","Discovery",[234,236,238,240,242,244,246,248,250,252,254],{"id":108,"name":109,"tactic":235},{"name":57},{"id":112,"name":113,"tactic":237},{"name":57},{"id":132,"name":133,"tactic":239},{"name":135},{"id":141,"name":142,"tactic":241},{"name":144},{"id":146,"name":147,"tactic":243},{"name":62},{"id":166,"name":167,"tactic":245},{"name":67},{"id":191,"name":192,"tactic":247},{"name":185},{"id":187,"name":188,"tactic":249},{"name":185},{"id":195,"name":196,"tactic":251},{"name":185},{"id":199,"name":200,"tactic":253},{"name":185},{"id":203,"name":204,"tactic":255},{"name":185},{"id":257,"name":258,"techniques":259},"CAPEC-17","Using Malicious Files",[260,280],{"id":261,"name":262,"tactics":263,"countermeasures":269},"T1574.005","Executable Installer File Permissions Weakness",[264,265,266,267,268],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[270,272,274,276,278],{"id":45,"name":46,"tactic":271},{"name":48},{"id":50,"name":51,"tactic":273},{"name":48},{"id":54,"name":55,"tactic":275},{"name":57},{"id":59,"name":60,"tactic":277},{"name":62},{"id":64,"name":65,"tactic":279},{"name":67},{"id":25,"name":26,"tactics":281,"countermeasures":287},[282,283,284,285,286],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[288,290,292,294,296],{"id":45,"name":46,"tactic":289},{"name":48},{"id":50,"name":51,"tactic":291},{"name":48},{"id":54,"name":55,"tactic":293},{"name":57},{"id":59,"name":60,"tactic":295},{"name":62},{"id":64,"name":65,"tactic":297},{"name":67},{"id":299,"name":300,"techniques":301},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[302],{"id":25,"name":26,"tactics":303,"countermeasures":309},[304,305,306,307,308],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[310,312,314,316,318],{"id":45,"name":46,"tactic":311},{"name":48},{"id":50,"name":51,"tactic":313},{"name":48},{"id":54,"name":55,"tactic":315},{"name":57},{"id":59,"name":60,"tactic":317},{"name":62},{"id":64,"name":65,"tactic":319},{"name":67},{"id":321,"name":322,"techniques":323},"CAPEC-206","Signing Malicious Code",[324],{"id":325,"name":326,"tactics":327,"countermeasures":332},"T1553.002","Code Signing",[328,329],{"id":35,"name":36},{"id":330,"name":331},"TA0112","Defense Impairment",[],{"id":334,"name":335,"techniques":336},"CAPEC-234","Hijacking a privileged process",[],{"id":338,"name":339,"techniques":340},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[341,393],{"id":342,"name":343,"tactics":344,"countermeasures":348},"T1134.001","Token Impersonation/Theft",[345,346,347],{"id":35,"name":36},{"id":38,"name":39},{"id":32,"name":33},[349,353,357,361,365,369,373,377,381,385,389],{"id":350,"name":351,"tactic":352},"D3-CCSA","Credential Compromise Scope Analysis",{"name":57},{"id":354,"name":355,"tactic":356},"D3-CR","Credential Revocation",{"name":135},{"id":358,"name":359,"tactic":360},"D3-ANCI","Authentication Cache Invalidation",{"name":135},{"id":362,"name":363,"tactic":364},"D3-DUC","Decoy User Credential",{"name":144},{"id":366,"name":367,"tactic":368},"D3-CH","Credential Hardening",{"name":62},{"id":370,"name":371,"tactic":372},"D3-MFA","Multi-factor Authentication",{"name":62},{"id":374,"name":375,"tactic":376},"D3-CRO","Credential Rotation",{"name":62},{"id":378,"name":379,"tactic":380},"D3-TB","Token Binding",{"name":62},{"id":382,"name":383,"tactic":384},"D3-TBA","Token-based Authentication",{"name":62},{"id":386,"name":387,"tactic":388},"D3-RIC","Reissue Credential",{"name":67},{"id":390,"name":391,"tactic":392},"D3-CTS","Credential Transmission Scoping",{"name":185},{"id":394,"name":395,"tactics":396,"countermeasures":401},"T1550.004","Web Session Cookie",[397,398],{"id":35,"name":36},{"id":399,"name":400},"TA0109","Lateral Movement",[402,406,410,414,418,422,426,430,434,438,442,444,446,450,454,458,462,464,466,468,470,472,474,476,480,484,486,488,492,496],{"id":403,"name":404,"tactic":405},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":57},{"id":407,"name":408,"tactic":409},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":57},{"id":411,"name":412,"tactic":413},"D3-CSPP","Client-server Payload Profiling",{"name":57},{"id":415,"name":416,"tactic":417},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":57},{"id":419,"name":420,"tactic":421},"D3-NTSA","Network Traffic Signature Analysis",{"name":57},{"id":423,"name":424,"tactic":425},"D3-APCA","Application Protocol Command Analysis",{"name":57},{"id":427,"name":428,"tactic":429},"D3-NTCD","Network Traffic Community Deviation",{"name":57},{"id":431,"name":432,"tactic":433},"D3-RTSD","Remote Terminal Session Detection",{"name":57},{"id":435,"name":436,"tactic":437},"D3-PLA","Process Lineage Analysis",{"name":57},{"id":439,"name":440,"tactic":441},"D3-PSMD","Process Self-Modification Detection",{"name":57},{"id":128,"name":129,"tactic":443},{"name":57},{"id":350,"name":351,"tactic":445},{"name":57},{"id":447,"name":448,"tactic":449},"D3-PT","Process Termination",{"name":135},{"id":451,"name":452,"tactic":453},"D3-PS","Process Suspension",{"name":135},{"id":455,"name":456,"tactic":457},"D3-HR","Host Reboot",{"name":135},{"id":459,"name":460,"tactic":461},"D3-HS","Host Shutdown",{"name":135},{"id":354,"name":355,"tactic":463},{"name":135},{"id":358,"name":359,"tactic":465},{"name":135},{"id":362,"name":363,"tactic":467},{"name":144},{"id":366,"name":367,"tactic":469},{"name":62},{"id":370,"name":371,"tactic":471},{"name":62},{"id":374,"name":375,"tactic":473},{"name":62},{"id":386,"name":387,"tactic":475},{"name":67},{"id":477,"name":478,"tactic":479},"D3-NTF","Network Traffic Filtering",{"name":185},{"id":481,"name":482,"tactic":483},"D3-KBPI","Kernel-based Process Isolation",{"name":185},{"id":182,"name":183,"tactic":485},{"name":185},{"id":219,"name":220,"tactic":487},{"name":185},{"id":489,"name":490,"tactic":491},"D3-ABPI","Application-based Process Isolation",{"name":185},{"id":493,"name":494,"tactic":495},"D3-WSAM","Web Session Access Mediation",{"name":185},{"id":390,"name":391,"tactic":497},{"name":185},{"id":499,"name":500,"techniques":501},"CAPEC-61","Session Fixation",[],{"id":503,"name":504,"techniques":505},"CAPEC-62","Cross Site Request Forgery",[],{"id":507,"name":508,"techniques":509},"CAPEC-642","Replace Binaries",[510,516,530],{"id":511,"name":512,"tactics":513,"countermeasures":515},"T1505.005","Terminal Services DLL",[514],{"id":29,"name":30},[],{"id":517,"name":518,"tactics":519,"countermeasures":521},"T1554","Compromise Host Software Binary",[520],{"id":29,"name":30},[522,524,526,528],{"id":45,"name":46,"tactic":523},{"name":48},{"id":50,"name":51,"tactic":525},{"name":48},{"id":59,"name":60,"tactic":527},{"name":62},{"id":64,"name":65,"tactic":529},{"name":67},{"id":261,"name":262,"tactics":531,"countermeasures":537},[532,533,534,535,536],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[538,540,542,544,546],{"id":45,"name":46,"tactic":539},{"name":48},{"id":50,"name":51,"tactic":541},{"name":48},{"id":54,"name":55,"tactic":543},{"name":57},{"id":59,"name":60,"tactic":545},{"name":62},{"id":64,"name":65,"tactic":547},{"name":67},[],[550,551],"GHSA-63wg-qmrv-7q66","GO-2026-4299",[],[554],{"_key":555},"SUSE-SU-2026:0142-1",[],[558],{"_key":555},"2020-06-19T18:10:54.000Z","2024-08-05T21:37:44.368Z","Modified",{"cisa_kev":563,"cisa_ransomware":563,"cisa_vendor":9,"epss_severity":564,"epss_score":565,"severity":566,"severity_score":567,"severity_version":568,"severity_source":569,"severity_vector":570,"severity_status":561},false,"low",0.00195,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",[572,579,585,590,594,598,602,606],{"url":573,"sources":574,"tags":576},"https://mattermost.com/security-updates/",[575,569],"cve.org",[577,578],"X Refsource CONFIRM","Vendor Advisory",{"url":580,"sources":581,"tags":583},"https://nvd.nist.gov/vuln/detail/CVE-2017-18896",[582],"osv_go",[584],"Advisory",{"url":586,"sources":587,"tags":588},"https://github.com/mattermost/mattermost/commit/3c34e2b2dcb0fde96a10e68d877aa7d0ab511669",[582],[589],"WEB",{"url":591,"sources":592,"tags":593},"https://github.com/mattermost/mattermost/commit/722fb1947a2e7395ccf16adce9206736d803a9f3",[582],[589],{"url":595,"sources":596,"tags":597},"https://github.com/mattermost/mattermost/commit/d38328976e2c8bb0fab91e656042a0d8ac37bc76",[582],[589],{"url":599,"sources":600,"tags":601},"https://github.com/mattermost/mattermost",[582],[589],{"url":603,"sources":604,"tags":605},"https://mattermost.com/security-updates",[582],[589],{"url":607,"sources":608,"tags":609},"https://github.com/advisories/GHSA-63wg-qmrv-7q66",[582],[584],[],{"date":612,"score":565,"percentile":613},"2026-06-05",0.4138,[615,618,621,624,627,630,633,636,639,642,645,647,650,652,655,658,661,664,666,669,672,675,678,680,683,686,689,692,695,698,701,704,707,710,713,716,719,722,725,728,731,734,737,740,743,746,749,752,755,758,761,764,767,770,773,775,778,781,783,786,789,792,795,797,800,802,804,807,810,813,816,819,822,825,828,831,834,837,840,843,846,849,852,855,858,861,864,867,870,873],{"date":616,"score":565,"percentile":617},"2025-11-04",0.41747,{"date":619,"score":565,"percentile":620},"2025-11-05",0.41737,{"date":622,"score":565,"percentile":623},"2025-11-06",0.41748,{"date":625,"score":565,"percentile":626},"2025-11-07",0.41774,{"date":628,"score":565,"percentile":629},"2025-11-08",0.41767,{"date":631,"score":565,"percentile":632},"2025-11-09",0.41745,{"date":634,"score":565,"percentile":635},"2025-11-10",0.41712,{"date":637,"score":565,"percentile":638},"2025-11-11",0.41725,{"date":640,"score":565,"percentile":641},"2025-11-12",0.41759,{"date":643,"score":565,"percentile":644},"2025-11-13",0.41773,{"date":646,"score":565,"percentile":626},"2025-11-14",{"date":648,"score":565,"percentile":649},"2025-11-15",0.41771,{"date":651,"score":565,"percentile":641},"2025-11-16",{"date":653,"score":565,"percentile":654},"2025-11-17",0.41728,{"date":656,"score":565,"percentile":657},"2025-11-18",0.37025,{"date":659,"score":565,"percentile":660},"2025-11-19",0.37035,{"date":662,"score":565,"percentile":663},"2025-11-20",0.37028,{"date":665,"score":565,"percentile":654},"2025-11-21",{"date":667,"score":565,"percentile":668},"2025-11-22",0.4173,{"date":670,"score":565,"percentile":671},"2025-11-23",0.41702,{"date":673,"score":565,"percentile":674},"2025-11-24",0.41692,{"date":676,"score":565,"percentile":677},"2025-11-25",0.41707,{"date":679,"score":565,"percentile":671},"2025-11-26",{"date":681,"score":565,"percentile":682},"2025-11-27",0.41706,{"date":684,"score":565,"percentile":685},"2025-11-28",0.41678,{"date":687,"score":565,"percentile":688},"2025-11-29",0.41653,{"date":690,"score":565,"percentile":691},"2025-11-30",0.41631,{"date":693,"score":565,"percentile":694},"2025-12-01",0.41752,{"date":696,"score":565,"percentile":697},"2025-12-02",0.4176,{"date":699,"score":565,"percentile":700},"2025-12-03",0.41761,{"date":702,"score":565,"percentile":703},"2025-12-04",0.41625,{"date":705,"score":565,"percentile":706},"2025-12-05",0.41651,{"date":708,"score":565,"percentile":709},"2025-12-06",0.41641,{"date":711,"score":565,"percentile":712},"2025-12-07",0.4162,{"date":714,"score":565,"percentile":715},"2025-12-08",0.41627,{"date":717,"score":565,"percentile":718},"2025-12-09",0.41661,{"date":720,"score":565,"percentile":721},"2025-12-10",0.41722,{"date":723,"score":565,"percentile":724},"2025-12-11",0.41753,{"date":726,"score":565,"percentile":727},"2025-12-12",0.4178,{"date":729,"score":565,"percentile":730},"2025-12-13",0.41763,{"date":732,"score":565,"percentile":733},"2025-12-14",0.41718,{"date":735,"score":565,"percentile":736},"2025-12-15",0.41705,{"date":738,"score":565,"percentile":739},"2025-12-16",0.41734,{"date":741,"score":565,"percentile":742},"2025-12-17",0.41775,{"date":744,"score":565,"percentile":745},"2025-12-18",0.41815,{"date":747,"score":565,"percentile":748},"2025-12-19",0.41828,{"date":750,"score":565,"percentile":751},"2025-12-20",0.41806,{"date":753,"score":565,"percentile":754},"2025-12-21",0.41764,{"date":756,"score":565,"percentile":757},"2025-12-22",0.41738,{"date":759,"score":565,"percentile":760},"2025-12-23",0.41741,{"date":762,"score":565,"percentile":763},"2025-12-24",0.41758,{"date":765,"score":565,"percentile":766},"2025-12-25",0.41807,{"date":768,"score":565,"percentile":769},"2025-12-26",0.41788,{"date":771,"score":565,"percentile":772},"2025-12-27",0.41802,{"date":774,"score":565,"percentile":733},"2025-12-28",{"date":776,"score":565,"percentile":777},"2025-12-29",0.41701,{"date":779,"score":565,"percentile":780},"2025-12-30",0.41691,{"date":782,"score":565,"percentile":620},"2025-12-31",{"date":784,"score":565,"percentile":785},"2026-01-01",0.4187,{"date":787,"score":565,"percentile":788},"2026-01-02",0.41845,{"date":790,"score":565,"percentile":791},"2026-01-03",0.41835,{"date":793,"score":565,"percentile":794},"2026-01-04",0.41677,{"date":796,"score":565,"percentile":688},"2026-01-05",{"date":798,"score":565,"percentile":799},"2026-01-06",0.41655,{"date":801,"score":565,"percentile":794},"2026-01-07",{"date":803,"score":565,"percentile":736},"2026-01-08",{"date":805,"score":565,"percentile":806},"2026-01-09",0.41685,{"date":808,"score":565,"percentile":809},"2026-01-10",0.41684,{"date":811,"score":565,"percentile":812},"2026-01-11",0.41654,{"date":814,"score":565,"percentile":815},"2026-01-12",0.41606,{"date":817,"score":565,"percentile":818},"2026-01-13",0.41584,{"date":820,"score":565,"percentile":821},"2026-01-14",0.41632,{"date":823,"score":565,"percentile":824},"2026-01-15",0.41624,{"date":826,"score":565,"percentile":827},"2026-01-16",0.41646,{"date":829,"score":565,"percentile":830},"2026-01-17",0.41621,{"date":832,"score":565,"percentile":833},"2026-01-18",0.41588,{"date":835,"score":565,"percentile":836},"2026-01-19",0.41554,{"date":838,"score":565,"percentile":839},"2026-01-20",0.41541,{"date":841,"score":565,"percentile":842},"2026-01-21",0.41543,{"date":844,"score":565,"percentile":845},"2026-01-22",0.41537,{"date":847,"score":565,"percentile":848},"2026-01-23",0.41596,{"date":850,"score":565,"percentile":851},"2026-01-24",0.41608,{"date":853,"score":565,"percentile":854},"2026-01-25",0.41556,{"date":856,"score":565,"percentile":857},"2026-01-26",0.41513,{"date":859,"score":565,"percentile":860},"2026-01-27",0.4151,{"date":862,"score":565,"percentile":863},"2026-01-28",0.41506,{"date":865,"score":565,"percentile":866},"2026-01-29",0.41488,{"date":868,"score":565,"percentile":869},"2026-01-30",0.41495,{"date":871,"score":565,"percentile":872},"2026-01-31",0.41501,{"date":874,"score":565,"percentile":875},"2026-02-01",0.4161,[877,886],{"source":569,"cvss_v2_0":878,"cvss_v3_0":9,"cvss_v3_1":883,"cvss_v4_0":9},{"baseScore":879,"baseSeverity":9,"vectorString":880,"impactScore":881,"exploitabilityScore":882},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":567,"baseSeverity":884,"vectorString":570,"impactScore":885,"exploitabilityScore":882},"MEDIUM",2.3,{"source":582,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":887,"cvss_v4_0":9},{"baseScore":567,"baseSeverity":9,"vectorString":570,"impactScore":885,"exploitabilityScore":882},[889,915],{"ecosystem":890,"name":891,"vendor":892,"product":893,"cpe_part":9,"purl_type":894,"purl_namespace":892,"purl_name":893,"source":9,"versions":895},"Go","github.com/mattermost/mattermost-server","github.com/mattermost","mattermost-server","golang",[896,904,908,911],{"version":897,"is_range":898,"range_type":899,"version_start":900,"version_start_type":901,"version_end":902,"version_end_type":903,"fixed_in":9},"gte4_2_0_rc1+incompatible_lt4_2_0+incompatible",true,"semver","4.2.0-rc1+incompatible","including","4.2.0+incompatible","excluding",{"version":905,"is_range":898,"range_type":899,"version_start":906,"version_start_type":901,"version_end":907,"version_end_type":903,"fixed_in":9},"gte4_1_0_lt4_1_1","4.1.0","4.1.1",{"version":909,"is_range":898,"range_type":899,"version_start":9,"version_start_type":9,"version_end":910,"version_end_type":903,"fixed_in":9},"lt4_0_5","4.0.5",{"version":912,"is_range":898,"range_type":899,"version_start":913,"version_start_type":901,"version_end":914,"version_end_type":903,"fixed_in":9},"gte4_2_0_rc1_lt4_2_0","4.2.0-rc1","4.2.0",{"ecosystem":9,"name":916,"vendor":917,"product":918,"cpe_part":919,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":920},"mattermost server","mattermost","mattermost_server","a",[921,924,926,928,930,932],{"version":922,"is_range":898,"range_type":923,"version_start":9,"version_start_type":9,"version_end":910,"version_end_type":903,"fixed_in":9},"lt4.0.5","cpe",{"version":925,"is_range":898,"range_type":923,"version_start":906,"version_start_type":901,"version_end":907,"version_end_type":903,"fixed_in":9},"gte4.1.0_lt4.1.1",{"version":927,"is_range":563,"range_type":923,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2.0:rc1",{"version":929,"is_range":563,"range_type":923,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2.0:rc2",{"version":931,"is_range":563,"range_type":923,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2.0:rc3",{"version":933,"is_range":563,"range_type":923,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.2.0:rc4"]