CVE-2019-20841
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
31.5%
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost_server | * | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* |
| mattermost | mattermost_server | 5.18.0 | cpe:2.3:a:mattermost:mattermost_server:5.18.0:rc1:*:*:*:*:*:* |
| mattermost | mattermost_server | 5.18.0 | cpe:2.3:a:mattermost:mattermost_server:5.18.0:rc2:*:*:*:*:*:* |
| mattermost | mattermost_server | 5.18.0 | cpe:2.3:a:mattermost:mattermost_server:5.18.0:rc3:*:*:*:*:*:* |
| mattermost | mattermost_server | 5.18.0 | cpe:2.3:a:mattermost:mattermost_server:5.18.0:rc4:*:*:*:*:*:* |
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
31.5%