Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
{ "cpes": [ "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*" ], "severity": "High" }