CVE-2019-20877

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-20877
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20877.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-20877
Published
2020-06-19T17:15:13.317Z
Modified
2026-04-10T04:13:17.284234Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.

References

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e1b0373e5e3283449f0e40a4b6c59f083da2f16e
Introduced
7e5fda43bda67cd061e527b64046f241c2d6cc32
Fixed
3ff8ae8111f37a601af0a17af95feadc23a8f7ea
Introduced
24f11a12758fe75ce06269be7f9fb7bb790aec43
Fixed
f1414dd14a5d282102a9261ec24c2e6b6a83ffe1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c25b7fc6484760bd7a608335b49c56f0a52f27ec
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7bdce0de199de6342ae405283a39902817bec5ac
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f0643fd7effede8a64cf84d1dceafa9ee26a5d00
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5ef499caae2bb751438b19151a9fcb4b27830bca
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.10.8"
        },
        {
            "introduced": "5.7.0"
        },
        {
            "fixed": "5.7.3"
        },
        {
            "introduced": "5.8.0"
        },
        {
            "fixed": "5.8.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.9.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.9.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.9.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.9.0-rc4"
        }
    ]
}

Affected versions

v0.*
v0.5.0
v4.*
v4.10.0
v4.10.0-rc1
v4.10.0-rc2
v4.10.0-rc3
v4.10.0-rc4
v4.10.0-rc5
v4.10.1
v4.10.1-rc1
v4.10.2
v4.10.2-rc1
v4.10.3
v4.10.3-rc1
v4.10.4
v4.10.4-rc1
v4.10.5
v4.10.5-rc1
v4.10.6
v4.10.6-rc1
v4.10.7
v4.10.7-rc1
v4.2.0-rc1
v4.3.0-rc1
v4.4.0-rc1
v4.5.0-rc1
v4.6.0-rc1
v4.6.0-rc2
v4.7.0-rc1
v4.8.0-rc1
v4.9.0-rc1
v5.*
v5.7.0
v5.7.0-rc6
v5.7.1
v5.7.1-rc1
v5.7.2
v5.7.2-rc1
v5.8.0
v5.8.0-rc4
v5.8.1-rc1
v5.9.0
v5.9.0-rc1
v5.9.0-rc2
v5.9.0-rc3
v5.9.0-rc4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20877.json"