An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVSS Metrics
