Vulnerabilities > CVE-2021-37866 - Insufficient Session Expiration vulnerability in Mattermost Boards 0.10.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mattermost

CWE-613

NVD

Published: 2022-01-18

Updated: 2022-02-03

Summary

Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.

Vulnerable Configurations

Part	Description	Count
Application	Mattermost Mattermost Mattermost Boards 0.10.0	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://mattermost.com/security-updates/
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-37866