CVE-2020-14458 — Sensitive Information Exposure in Server

CWE-200 — Sensitive Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 44.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mattermost Server
Timeline
PublishedJun 19
Latest updateMay 24

Description

An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8jgx-6gx2-jgqm: An issue was discovered in Mattermost Server before 5↗2022-05-24
â–¶
CVEList
CVE-2020-14458: An issue was discovered in Mattermost Server before 5↗2020-06-19
â–¶

💥Exploits & PoCs

1
Exploit-DB
Hotel Management System 1.0 - Remote Code Execution (Authenticated)↗2020-10-16
â–¶
CVE-2020-14458 — Sensitive Information Exposure | cvebase