What the vulnerability does
01Description
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
What the vulnerability does
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.
Key dates
External resources
Related vulnerabilities