{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "5.9.7"
              },
              {
                "introduced": "5.15.0"
              },
              {
                "fixed": "5.15.4"
              },
              {
                "introduced": "5.16.0"
              },
              {
                "fixed": "5.16.4"
              },
              {
                "introduced": "5.17.0"
              },
              {
                "fixed": "5.17.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "5.18.0-rc1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "5.18.0-rc2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "5.18.0-rc3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "5.18.0-rc4"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1c81f4f5f7d6212d93a5bb8fc95c43252d22fc59"
            },
            {
              "introduced": "f4f7fd0829d74fcd5e290fd1ba76845af18e553e"
            },
            {
              "fixed": "0e3514cb61a6ce17d8e5edfad2c4793ab1cdec8a"
            },
            {
              "introduced": "6597fdb40134965e26f715854dc85f5e6cfaa6df"
            },
            {
              "fixed": "e16012435f82afafdfdd7963e95d86c9e8538322"
            },
            {
              "introduced": "c81e4f87c20a717b1dc52b2b77780fa789e19148"
            },
            {
              "fixed": "ca0518420b931db0923c97ec17e05e150a729a64"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "20f13aa07eb468e29bc0dd1a52941cb7c4532ccb"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "40ad08f0c091c9c74065372fa09534134c1643d7"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "cd38d63bf448ae791f252c3704a705e94b26959f"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "cd38d63bf448ae791f252c3704a705e94b26959f"
            }
          ],
          "repo": "https://github.com/mattermost/mattermost-server",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. Cross-site request forgery (CSRF) can sometimes occur via a crafted website, which can lead to account takeover.",
  "id": "CVE-2019-20841",
  "modified": "2026-03-13T21:55:14.456931755Z",
  "published": "2020-06-19T14:15:10.307Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://mattermost.com/security-updates/"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}