CVE-2019-20879

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Name	Vendor	Start Version	End Version
Mattermost_server	Mattermost	*	4.10.7 (excluding)
Mattermost_server	Mattermost	5.6.0 (including)	5.6.5 (excluding)
Mattermost_server	Mattermost	5.7.0 (including)	5.7.2 (excluding)
Mattermost_server	Mattermost	5.8.0-rc1 (including)	5.8.0-rc1 (including)
Mattermost_server	Mattermost	5.8.0-rc2 (including)	5.8.0-rc2 (including)
Mattermost_server	Mattermost	5.8.0-rc3 (including)	5.8.0-rc3 (including)
Mattermost_server	Mattermost	5.8.0-rc4 (including)	5.8.0-rc4 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-20879
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication