Server-Side Request Forgery (SSRF) in Mattermost Server - CVE-2019-20872
Published: June 19, 2020 / Updated: July 17, 2020
Vulnerability identifier: #VU30244
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-20872
CWE-ID: CWE-918
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Mattermost, Inc.
Affected software: Mattermost Server
Detailed vulnerability description
The vulnerability allows a local authenticated user to gain access to sensitive information.
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can be used to attack local services.
How to mitigate CVE-2019-20872
Install the update from the vendor's website.