PT-2020-8896 · Mattermost · Mattermost Server

Published: 2020-06-19 · Updated: 2020-06-26 · CVE-2018-21253

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost Server versions prior to 5.1
Mattermost Server version 5.0.2 and earlier
Mattermost Server version 4.10.2 and earlier

Description

An issue was discovered in Mattermost Server. An attacker could use the invite people slash command to invite a non-permitted user.

Recommendations

For versions prior to 5.1, update to version 5.1 or later.
For version 5.0.2 and earlier, update to version 5.0.3 or later.
For version 4.10.2 and earlier, update to version 4.10.3 or later.
As a temporary workaround, consider restricting the use of the invite people slash command until a patch is available.

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2018-21253

Affected Products

Mattermost Server