CVE-2020-14460

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-14460
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14460.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14460
Aliases
Published
2020-06-19T14:15:12.010Z
Modified
2026-02-10T04:27:25.238321Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.

References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost
Events
Introduced
98074be9d6c820fc6fee56900f7a0c0449796aa1
Fixed
14f7328005b151c2b02960a7479c6d725e6f630e
Fixed
e5f1dd6e7aff811d865d75c8429bb3e1c9be5898

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14460.json"

Git / github.com/mattermost/mattermost-server

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events
Introduced
6597fdb40134965e26f715854dc85f5e6cfaa6df
Fixed
06d3d0f763853a9db0bd88ed8715b93506a45a3e
Fixed
10d179ab02abdb5981bae4a50db95d2a3153bc8c
Introduced
c81e4f87c20a717b1dc52b2b77780fa789e19148
Fixed
35ea48a071f2837d30217cefb2de7d7855fe7f77
Introduced
cd38d63bf448ae791f252c3704a705e94b26959f
Fixed
539217ef5b26b746bc2a5914165c0a36d801baaf

Affected versions

v5.*
v5.16.0
v5.16.0-rc3
v5.16.1
v5.16.1-rc1
v5.16.1-rc2
v5.16.2
v5.16.2-rc1
v5.16.3
v5.16.3-rc1
v5.16.4
v5.17.0
v5.17.0-rc1
v5.17.0-rc2
v5.17.0-rc3
v5.17.0-rc4
v5.17.1
v5.17.1-rc1
v5.17.2
v5.18.0
v5.18.0-rc3
v5.18.0-rc4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14460.json"