Main Vulnerability Database Vulnerabilities #VU30234

Information disclosure in Mattermost Server - CVE-2019-20877

Published: June 19, 2020 / Updated: July 17, 2020

Vulnerability identifier: #VU30234

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20877

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mattermost Server

Software vendor:
Mattermost, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.

Remediation

Install update from vendor's website.

External links

https://mattermost.com/security-updates/

Information disclosure in Mattermost Server - CVE-2019-20877

Description

Remediation

External links

Please verify you're human