An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mattermost_server | Mattermost | * | 4.10.3 (excluding) |
Mattermost_server | Mattermost | 5.0.0 (including) | 5.0.3 (excluding) |
Mattermost_server | Mattermost | 5.1.0 (including) | 5.1.1 (excluding) |
Mattermost_server | Mattermost | 5.2.0-rc1 (including) | 5.2.0-rc1 (including) |
Mattermost_server | Mattermost | 5.2.0-rc2 (including) | 5.2.0-rc2 (including) |
Mattermost_server | Mattermost | 5.2.0-rc3 (including) | 5.2.0-rc3 (including) |
Mattermost_server | Mattermost | 5.2.0-rc4 (including) | 5.2.0-rc4 (including) |
Mattermost_server | Mattermost | 5.2.0-rc5 (including) | 5.2.0-rc5 (including) |
Mattermost_server | Mattermost | 5.2.0-rc6 (including) | 5.2.0-rc6 (including) |