#VU30226 Missing Authorization in Mattermost Server - CVE-2018-21251

Published: June 19, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30226
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-21251
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Mattermost Server
Software vendor:
Mattermost, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name in the request parameters did not match the channel name in the request body.
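The bug class described above, as an added illustration that is not Mattermost's code: a handler that authorizes the channel named in the route parameters but then acts on the channel named in the JSON body, beside a hardened version that rejects disagreeing copies and authorizes the exact value it acts on. The request shape, the `allowed` permission table and the function names are constructed for this example.

```go
package main

import (
	"encoding/json"
	"errors"
)

// Constructed request shape (not Mattermost's): the channel is named twice,
// once in the route parameters and once in the JSON body.
type channelRequest struct {
	ChannelName string `json:"channel_name"`
}

// Hypothetical permission table: which channels each user may modify.
var allowed = map[string]map[string]bool{"alice": {"town-square": true}}

var (
	errForbidden = errors.New("forbidden")
	errMismatch  = errors.New("channel name in params and body differ")
)

func canModify(user, channel string) bool { return allowed[user][channel] }

// vulnerableTarget shows the bug class: the check runs against the parameter
// value, but the body value is the one the action is later applied to.
func vulnerableTarget(user, paramChannel string, body []byte) (string, error) {
	if !canModify(user, paramChannel) {
		return "", errForbidden
	}
	var req channelRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return "", err
	}
	return req.ChannelName, nil // never checked when it differs from paramChannel
}

// hardenedTarget rejects disagreeing copies and authorizes the value it acts on.
func hardenedTarget(user, paramChannel string, body []byte) (string, error) {
	var req channelRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return "", err
	}
	if req.ChannelName != paramChannel {
		return "", errMismatch
	}
	if !canModify(user, req.ChannelName) {
		return "", errForbidden
	}
	return req.ChannelName, nil
}
```

A mismatch between the two copies is worth logging as well as rejecting, since a consistent client never produces one.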


Remediation

Install the update from the vendor's website.

External links