Local Logging Flaw in Mattermost Mobile Apps Exposes Sensitive Data
CVE-2019-20852

7.5HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost Mobile
Vendor: CVE Published:; 19 June 2020

Summary

A vulnerability has been identified in Mattermost Mobile Apps prior to version 1.26.0, where local logging mechanisms fail to adequately protect sensitive information. This issue allows for the potential exposure of private data such as server addresses and message content, raising significant concerns over data privacy and application security. It is crucial for users to upgrade to the latest version to mitigate risks associated with this logging flaw.

References

https://mattermost.com/security-updates/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2020
Vulnerability Reserved
Jun 19, 2020