Main Vulnerability Database Vulnerabilities #VU30250

#VU30250 Improper Preservation of Permissions in Mattermost Server - CVE-2019-20843

Published: June 19, 2020 / Updated: July 17, 2020

Vulnerability identifier: #VU30250

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20843

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mattermost Server

Software vendor:
Mattermost, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.

Install update from vendor's website.