CVE-2020-14460

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-14460

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14460.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-14460

Aliases

BIT-mattermost-2020-14460

Published

2020-06-19T14:15:12.010Z

Modified

2026-04-10T04:23:23.869430Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost-server

Events

Introduced

Fixed

10d179ab02abdb5981bae4a50db95d2a3153bc8c

Introduced

6597fdb40134965e26f715854dc85f5e6cfaa6df

Fixed

06d3d0f763853a9db0bd88ed8715b93506a45a3e

Introduced

c81e4f87c20a717b1dc52b2b77780fa789e19148

Fixed

35ea48a071f2837d30217cefb2de7d7855fe7f77

Introduced

cd38d63bf448ae791f252c3704a705e94b26959f

Fixed

539217ef5b26b746bc2a5914165c0a36d801baaf

Introduced

Last affected

e542798b11a5404a7064ed94513346cad2b9c33d

Introduced

Last affected

070b6a581d48e4e186879c8b2cdf46e094f3ed11

Introduced

Last affected

90cf883f84000d6fdb025308ad14d56e6ed53f05

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.9.8"
        },
        {
            "introduced": "5.16.0"
        },
        {
            "fixed": "5.16.5"
        },
        {
            "introduced": "5.17.0"
        },
        {
            "fixed": "5.17.3"
        },
        {
            "introduced": "5.18.0"
        },
        {
            "fixed": "5.18.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.19.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.19.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.19.0-rc3"
        }
    ]
}

Affected versions

v0.*

v0.5.0

v4.*

v4.10.0-rc1

v4.2.0-rc1

v4.3.0-rc1

v4.4.0-rc1

v4.5.0-rc1

v4.6.0-rc1

v4.6.0-rc2

v4.7.0-rc1

v4.8.0-rc1

v4.9.0-rc1

v5.*

v5.0.0-rc1

v5.1.0-rc1

v5.16.0

v5.16.0-rc3

v5.16.1

v5.16.1-rc1

v5.16.1-rc2

v5.16.2

v5.16.2-rc1

v5.16.3

v5.16.3-rc1

v5.16.4

v5.17.0

v5.17.0-rc3

v5.17.0-rc4

v5.17.1

v5.17.1-rc1

v5.17.2

v5.18.0

v5.18.0-rc3

v5.18.0-rc4

v5.19.0

v5.19.0-rc1

v5.19.0-rc2

v5.19.0-rc3

v5.2.0-rc1

v5.2.0-rc2

v5.8.0

v5.8.0-rc1

v5.8.0-rc2

v5.8.0-rc3

v5.8.0-rc4

v5.9.0

v5.9.0-rc1

v5.9.0-rc2

v5.9.0-rc3

v5.9.0-rc4

v5.9.1

v5.9.1-rc1

v5.9.2

v5.9.2-rc1

v5.9.3

v5.9.3-rc1

v5.9.4

v5.9.4-rc1

v5.9.5

v5.9.5-rc1

v5.9.6

v5.9.6-rc1

v5.9.7

v5.9.7-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14460.json"