Improper Preservation of Permissions in Mattermost Server - CVE-2019-20843

 

Improper Preservation of Permissions in Mattermost Server - CVE-2019-20843

Published: June 19, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30250
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-20843
CWE-ID:
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mattermost, Inc.
Affected software:
Mattermost Server

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.


How to mitigate CVE-2019-20843

Install update from vendor's website.

Sources