CVE-2016-11077
Published 2020-06-19
Priority: P4 (10, low)
CVSS 3.1: 2.7 (AV:N / AC:L / PR:H / UI:N / S:U / C:N / I:L / A:N)
EPSS: 0.62% (45.5th percentile)
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 3.0.0 | 3.0.0 |
| github.com | mattermost_mattermost-server | >= 0 < 3.0.0+incompatible | 3.0.0+incompatible |
| mattermost | mattermost_server | < 3.0.0 | 3.0.0 |
CVSS provenance
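| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |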
OSV
Mattermost Server allows System Admin to modify LDAP account names and email addresses in github.com/mattermost/mattermost-server
osv·2025-10-30
CVE-2016-11077 Mattermost Server allows System Admin to modify LDAP account names and email addresses in github.com/mattermost/mattermost-server
OSV
Mattermost Server allows System Admin to modify LDAP account names and email addresses
osv·2022-05-24
CVE-2016-11077 [LOW] Mattermost Server allows System Admin to modify LDAP account names and email addresses
GHSA
Mattermost Server allows System Admin to modify LDAP account names and email addresses
ghsa·2022-05-24
CVE-2016-11077 [LOW] CWE-732 Mattermost Server allows System Admin to modify LDAP account names and email addresses
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.