Mattermost 6.4.x and earlier fail to properly invalidate pending email invitations when the action is performed from the System Console, which allows accidentally invited users to join the workspace and access information from public teams and channels.
References
| Link | Resource |
|---|---|
| https://hackerone.com/reports/1486820 | Exploit, Third Party Advisory |
| https://mattermost.com/security-updates/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-04-19T20:26:27
Updated: 2022-04-19T20:26:27
Reserved: 2022-04-18T00:00:00
Link: CVE-2022-1385
NVD Information
Status: Analyzed
Published: 2022-04-19T21:15:14.103
Modified: 2022-04-27T21:19:41.490
Link: CVE-2022-1385
Redhat Information
No data.