8.8

CVE-2019-20865

An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.

Data is provided by the National Vulnerability Database (NVD)
MattermostMattermost Server Version < 4.10.10
MattermostMattermost Server Version >= 5.9.0 < 5.9.2
MattermostMattermost Server Version >= 5.10.0 < 5.10.2
MattermostMattermost Server Version >= 5.11.0 < 5.11.1
MattermostMattermost Server Version5.12.0 Updaterc1
MattermostMattermost Server Version5.12.0 Updaterc2
MattermostMattermost Server Version5.12.0 Updaterc3
MattermostMattermost Server Version5.12.0 Updaterc4
MattermostMattermost Server Version5.12.0 Updaterc5
MattermostMattermost Server Version5.12.0 Updaterc6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.17% 0.35
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.