CVE Vulnerabilities

CVE-2019-20877

Published: Jun 19, 2020 | Modified: Jul 21, 2021
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.

Affected Software

Name Vendor Start Version End Version
Mattermost_server Mattermost * 4.10.8 (excluding)
Mattermost_server Mattermost 5.7.0 (including) 5.7.3 (excluding)
Mattermost_server Mattermost 5.8.0 (including) 5.8.1 (excluding)
Mattermost_server Mattermost 5.9.0-rc1 (including) 5.9.0-rc1 (including)
Mattermost_server Mattermost 5.9.0-rc2 (including) 5.9.0-rc2 (including)
Mattermost_server Mattermost 5.9.0-rc3 (including) 5.9.0-rc3 (including)
Mattermost_server Mattermost 5.9.0-rc4 (including) 5.9.0-rc4 (including)

References