CVE-2017-18909
Mattermost Server before 3.9.0 with SAML enabled is affected. The root cause is that encryption and signature verification are not mandatory in the SAML flow, which can weaken protection of SAML data. Affected product: Mattermost Server (pre-3.9.0). No explicit exploit details, mitigation steps, ...