CVE-2018-21251

CRITICAL

Mattermost Server < 5.1.1 - Missing Authorization

Title source: rule

Description

An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.

References (1)

[Vendor Advisory] https://mattermost.com/security-updates/

Scores

CVSS v3 9.8

EPSS 0.0041

EPSS Percentile 60.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-862

Status published

Affected Products (7)

mattermost/mattermost_server < 5.1.1

mattermost/mattermost_server

Timeline

Published Jun 19, 2020

Tracked Since Feb 18, 2026