#VU30251 Improper Enforcement of Message Integrity During Transmission in a Communication Channel in Mattermost Server - CVE-2019-20844
Published: June 19, 2020 / Updated: July 17, 2020
Vulnerability identifier: #VU30251
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-20844
CWE-ID: CWE-924
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mattermost Server
Mattermost Server
Software vendor:
Mattermost, Inc.
Mattermost, Inc.
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
Remediation
Install update from vendor's website.