CVE-2020-14460 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-14460

CWE

https://cwe.mitre.org/data/definitions/.html

An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.

Affected Software

Name	Vendor	Start Version	End Version
Mattermost_server	Mattermost	*	5.9.8 (excluding)
Mattermost_server	Mattermost	5.16.0 (including)	5.16.5 (excluding)
Mattermost_server	Mattermost	5.17.0 (including)	5.17.3 (excluding)
Mattermost_server	Mattermost	5.18.0 (including)	5.18.1 (excluding)
Mattermost_server	Mattermost	5.19.0-rc1 (including)	5.19.0-rc1 (including)
Mattermost_server	Mattermost	5.19.0-rc2 (including)	5.19.0-rc2 (including)
Mattermost_server	Mattermost	5.19.0-rc3 (including)	5.19.0-rc3 (including)

References

https://mattermost.com/security-updates/