CVE-2019-20877 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-20877

CWE

https://cwe.mitre.org/data/definitions/.html

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.

Affected Software

Name	Vendor	Start Version	End Version
Mattermost_server	Mattermost	*	4.10.8 (excluding)
Mattermost_server	Mattermost	5.7.0 (including)	5.7.3 (excluding)
Mattermost_server	Mattermost	5.8.0 (including)	5.8.1 (excluding)
Mattermost_server	Mattermost	5.9.0-rc1 (including)	5.9.0-rc1 (including)
Mattermost_server	Mattermost	5.9.0-rc2 (including)	5.9.0-rc2 (including)
Mattermost_server	Mattermost	5.9.0-rc3 (including)	5.9.0-rc3 (including)
Mattermost_server	Mattermost	5.9.0-rc4 (including)	5.9.0-rc4 (including)

References

https://mattermost.com/security-updates/