PT-2020-14016 · Mattermost · Mattermost Desktop App

Published: 2020-06-19 · Updated: 2020-06-25 · CVE-2020-14456

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mattermost Desktop App versions prior to 4.4.0

Description

An issue was discovered where the Same Origin Policy is mishandled during access-control decisions for web APIs.

Recommendations

For versions prior to 4.4.0, update to version 4.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to web APIs to minimize the risk of exploitation.

Fix

Origin Validation Error


Weakness Enumeration

Related Identifiers

CVE-2020-14456

Affected Products

Mattermost Desktop App