{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "5.1.1" }, { "introduced": "0" }, { "last_affected": "5.2.0-rc1" }, { "introduced": "0" }, { "last_affected": "5.2.0-rc2" }, { "introduced": "0" }, { "last_affected": "5.2.0-rc3" }, { "introduced": "0" }, { "last_affected": "5.2.0-rc4" }, { "introduced": "0" }, { "last_affected": "5.2.0-rc5" }, { "introduced": "0" }, { "last_affected": "5.2.0-rc6" } ] }, "events": [ { "introduced": "0" }, { "fixed": "77274a7aca64491a1898d4e4239158817a503a8e" }, { "introduced": "0" }, { "last_affected": "9bf01f1401ed47afc4fc443974e2bd4db50b2f50" }, { "introduced": "0" }, { "last_affected": "9bf01f1401ed47afc4fc443974e2bd4db50b2f50" }, { "introduced": "0" }, { "last_affected": "687700a989810ec99bc6b52a1e3900a237a4cd54" }, { "introduced": "0" }, { "last_affected": "687700a989810ec99bc6b52a1e3900a237a4cd54" }, { "introduced": "0" }, { "last_affected": "43483805eabcb36ef9018f12a82a6d3ac055baf5" }, { "introduced": "0" }, { "last_affected": "43483805eabcb36ef9018f12a82a6d3ac055baf5" } ], "repo": "https://github.com/mattermost/mattermost-server", "type": "GIT" } ] } ], "details": "An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.", "id": "CVE-2018-21251", "modified": "2026-03-13T21:48:23.266588608Z", "published": "2020-06-19T17:15:12.490Z", "references": [ { "type": "ADVISORY", "url": "https://mattermost.com/security-updates/" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }