CVE-2019-20851

CRITICAL

Mattermost Mobile Apps < 1.26.0 - Path Traversal and Arbitrary File Write via Video Preview Feature

Title source: llm
STIX 2.1

Description

An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://mattermost.com/security-updates/

Scores

CVSS v3 9.1
EPSS 0.0079
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
mattermost/mattermost < 1.26.0 (2 CPE variants)
Published Jun 19, 2020
Tracked Since Feb 18, 2026