{"alias":[],"description":"An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.","epss":{"percentile":"0.54265","score":"0.003110"},"id":"CVE-2016-11076","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"LOW","access_vector":"NETWORK","authentication":"NONE","availability_impact":"NONE","base_score":5.0,"base_severity":"MEDIUM","confidentiality_impact":"PARTIAL","exploitability_score":10.0,"impact_score":2.9,"integrity_impact":"NONE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":0,"vector_string":"AV:N\/AC:L\/Au:N\/C:P\/I:N\/A:N","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"NETWORK","availability_impact":"NONE","base_score":5.3,"base_severity":"MEDIUM","confidentiality_impact":"LOW","exploitability_score":3.9,"impact_score":1.4,"integrity_impact":"NONE","privileges_required":"NONE","scope":"UNCHANGED","user_interaction":"NONE","vector_string":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","version":"3.1"}},"modified":"2024-11-21T02:45:26","nvd_status":"Modified","published":"2020-06-19T20:15:11","score":5.3,"severity":"MEDIUM","source":"cve@mitre.org","status":"PUBLISHED","weaknesses":[{"id":"CWE-295","name":"Improper Certificate Validation","type":"weakness"}]}