Vulnerabilities > CVE-2021-37866 - Insufficient Session Expiration vulnerability in Mattermost Boards

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mattermost
CWE-613

Summary

Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.

Vulnerable Configurations

Part Description Count
Application
Mattermost
1

Common Weakness Enumeration (CWE)