Main Vulnerability Database Vulnerabilities #VU30247

Information disclosure in Mattermost Server - CVE-2019-20855

Published: June 19, 2020 / Updated: July 17, 2020

Vulnerability identifier: #VU30247

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20855

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mattermost, Inc.

Affected software:
Mattermost Server

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.

How to mitigate CVE-2019-20855

Install update from vendor's website.

Sources

https://mattermost.com/security-updates/

Information disclosure in Mattermost Server - CVE-2019-20855

Detailed vulnerability description

How to mitigate CVE-2019-20855

Sources

Please verify you're human