CVE-2019-20875
Mattermost Server vulnerable versions prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8 allow a password reset to proceed while an email address is being changed. Nexus of the issue is not detailed in the provided documents beyond this description. Affected component is the password reset flow; root cause...