BIT-mattermost-2022-1385
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/mattermost/BIT-mattermost-2022-1385.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-mattermost-2022-1385
- Aliases
- Published
- 2024-03-06T11:03:56.998Z
- Modified
- 2024-11-27T19:40:48.342Z
- Summary
- [none]
- Details
-
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
- Database specific
{ "cpes": [ "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*" ], "severity": "Low" }- References
Affected packages
Bitnami / mattermost
Package
- Name
- mattermost
- Purl
- pkg:bitnami/mattermost
Severity
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator