Lucene search

Mattermost | Mattermost Server | 5.16.0

6 matches found

CVE
Added 2020/06/19 2:15 p.m. | 37 views

CVE-2019-20843

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.

CVSS 7.5 | AI score 7.5 | EPSS 0.00209

CVE
Added 2020/06/19 2:15 p.m. | 36 views

CVE-2019-20842

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.

CVSS 7.2 | AI score 7.4 | EPSS 0.00432

CVE
Added 2020/06/19 3:15 p.m. | 34 views

CVE-2019-20855

An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.

CVSS 7.5 | AI score 7.2 | EPSS 0.00322

CVE
Added 2020/06/19 2:15 p.m. | 32 views

CVE-2019-20841

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.

CVSS 8.8 | AI score 8.5 | EPSS 0.00142

CVE
Added 2020/06/19 2:15 p.m. | 32 views

CVE-2019-20844

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.

CVSS 6.5 | AI score 6.3 | EPSS 0.00131

CVE
Added 2020/06/19 2:15 p.m. | 32 views

CVE-2020-14460

An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.

CVSS 6.5 | AI score 6.4 | EPSS 0.00231