Sensitive Information Disclosure during Legacy Attachment Migration in Mattermost Server

Sensitive Information Disclosure during Legacy Attachment Migration in Mattermost Server

CVE-2019-20855 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.

Learn more about our Cis Benchmark Audit For Server Software.