{"id":"CVE-2020-14460","details":"An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.","aliases":["BIT-mattermost-2020-14460"],"modified":"2026-04-10T04:23:23.869430Z","published":"2020-06-19T14:15:12.010Z","references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mattermost/mattermost-server","events":[{"introduced":"0"},{"fixed":"10d179ab02abdb5981bae4a50db95d2a3153bc8c"},{"introduced":"6597fdb40134965e26f715854dc85f5e6cfaa6df"},{"fixed":"06d3d0f763853a9db0bd88ed8715b93506a45a3e"},{"introduced":"c81e4f87c20a717b1dc52b2b77780fa789e19148"},{"fixed":"35ea48a071f2837d30217cefb2de7d7855fe7f77"},{"introduced":"cd38d63bf448ae791f252c3704a705e94b26959f"},{"fixed":"539217ef5b26b746bc2a5914165c0a36d801baaf"},{"introduced":"0"},{"last_affected":"e542798b11a5404a7064ed94513346cad2b9c33d"},{"introduced":"0"},{"last_affected":"070b6a581d48e4e186879c8b2cdf46e094f3ed11"},{"introduced":"0"},{"last_affected":"90cf883f84000d6fdb025308ad14d56e6ed53f05"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.9.8"},{"introduced":"5.16.0"},{"fixed":"5.16.5"},{"introduced":"5.17.0"},{"fixed":"5.17.3"},{"introduced":"5.18.0"},{"fixed":"5.18.1"},{"introduced":"0"},{"last_affected":"5.19.0-rc1"},{"introduced":"0"},{"last_affected":"5.19.0-rc2"},{"introduced":"0"},{"last_affected":"5.19.0-rc3"}]}}],"versions":["v0.5.0","v4.10.0-rc1","v4.2.0-rc1","v4.3.0-rc1","v4.4.0-rc1","v4.5.0-rc1","v4.6.0-rc1","v4.6.0-rc2","v4.7.0-rc1","v4.8.0-rc1","v4.9.0-rc1","v5.0.0-rc1","v5.1.0-rc1","v5.16.0","v5.16.0-rc3","v5.16.1","v5.16.1-rc1","v5.16.1-rc2","v5.16.2","v5.16.2-rc1","v5.16.3","v5.16.3-rc1","v5.16.4","v5.17.0","v5.17.0-rc3","v5.17.0-rc4","v5.17.1","v5.17.1-rc1","v5.17.2","v5.18.0","v5.18.0-rc3","v5.18.0-rc4","v5.19.0","v5.19.0-rc1","v5.19.0-rc2","v5.19.0-rc3","v5.2.0-rc1","v5.2.0-rc2","v5.8.0","v5.8.0-rc1","v5.8.0-rc2","v5.8.0-rc3","v5.8.0-rc4","v5.9.0","v5.9.0-rc1","v5.9.0-rc2","v5.9.0-rc3","v5.9.0-rc4","v5.9.1","v5.9.1-rc1","v5.9.2","v5.9.2-rc1","v5.9.3","v5.9.3-rc1","v5.9.4","v5.9.4-rc1","v5.9.5","v5.9.5-rc1","v5.9.6","v5.9.6-rc1","v5.9.7","v5.9.7-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14460.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}