CVE-2019-20887
published 2020-06-19CVE-2019-20887: An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost_server | < 4.10.6 | 4.10.6 |
| mattermost | mattermost_server | >= 5.5.0 < 5.5.3 | 5.5.3 |
| mattermost | mattermost_server | >= 5.6.0 < 5.6.4 | 5.6.4 |
| mattermost | mattermost_server | >= 5.7.0 < 5.7.1 | 5.7.1 |