Main Vulnerability Database Vulnerabilities #VU30245

Information disclosure in Mattermost Server - CVE-2019-20873

Published: June 19, 2020 / Updated: July 17, 2020

Vulnerability identifier: #VU30245

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20873

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mattermost, Inc.

Affected software:
Mattermost Server

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.

How to mitigate CVE-2019-20873

Install update from vendor's website.

Sources

https://mattermost.com/security-updates/

Information disclosure in Mattermost Server - CVE-2019-20873

Detailed vulnerability description

How to mitigate CVE-2019-20873

Sources

Please verify you're human