{"id":"CVE-2017-18918","details":"An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.","aliases":["GHSA-5ghq-28r7-qwfj","GO-2026-4460"],"modified":"2026-03-14T09:23:03.116353Z","published":"2020-06-19T20:15:12.587Z","related":["SUSE-SU-2026:0757-1"],"references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mattermost/mattermost-server","events":[{"introduced":"aafb8be87c79c60df7534b3b69f967c6301b157e"},{"fixed":"a12e7fdca439948ab097431d68e8f59778fbab81"},{"introduced":"8568afe5b4fb4d26b14fbc0d21f088eaa490b314"},{"fixed":"8ec37570742b67fd640bb3434ea226c655dbf408"}],"database_specific":{"versions":[{"introduced":"3.6.0"},{"fixed":"3.6.5"},{"introduced":"3.7.0"},{"fixed":"3.7.3"}]}}],"versions":["v3.6.0","v3.6.1","v3.7.0","v3.7.1","v3.7.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18918.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}]}