Information Disclosure in Mattermost Server by Mattermost
CVE-2016-11066

7.5HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost Server
Vendor: CVE Published:; 19 June 2020

Summary

A vulnerability was identified in Mattermost Server prior to version 3.2.0, wherein the initial_load API inadvertently disclosed sensitive personal information. This issue raises significant concerns regarding user data privacy and the protection of personally identifiable information (PII). Organizations using affected versions should apply updates promptly to mitigate potential data exposure risks.

References

https://mattermost.com/security-updates/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2020
Vulnerability Reserved
Jun 19, 2020