Type confusion

2020-06-1914:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.

CPENameOperatorVersion
mattermost_serverlt5.9.7
mattermost_serverge5.15.0
mattermost_serverlt5.15.4
mattermost_serverge5.16.0
mattermost_serverlt5.16.4
mattermost_serverge5.17.0
mattermost_serverlt5.17.2
mattermost_servereq5.18.0 rc1
mattermost_servereq5.18.0 rc2
mattermost_servereq5.18.0 rc3

Name	Operator	Version
mattermost_server	lt	5.9.7
mattermost_server	ge	5.15.0
mattermost_server	lt	5.15.4
mattermost_server	ge	5.16.0
mattermost_server	lt	5.16.4
mattermost_server	ge	5.17.0
mattermost_server	lt	5.17.2
mattermost_server	eq	5.18.0 rc1
mattermost_server	eq	5.18.0 rc2
mattermost_server	eq	5.18.0 rc3

Rows per page:

1-10 of 111

References

mattermost.com/security-updates/