CVE-2018-21252

MEDIUM

Mattermost Server < 4.10.3 - Incorrect Permission Assignment

Title source: rule

Description

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://mattermost.com/security-updates/

Scores

CVSS v3 4.3

EPSS 0.0015

EPSS Percentile 35.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-732

Status published

Products (2)

mattermost/mattermost_server 5.2.0 rc1 (6 CPE variants)

mattermost/mattermost_server < 4.10.3

Published Jun 19, 2020

Tracked Since Feb 18, 2026