Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVE-2019-20844
Summary
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
References
Advisory Timeline
- Published