Vulnerability Details CVE-2021-37866
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.3%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 5.0
Products affected by CVE-2021-37866
-
cpe:2.3:a:mattermost:mattermost_boards:0.10.0