Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
History

Fri, 06 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2022-04-19T20:26:27

Updated: 2024-12-06T23:09:33.235Z

Reserved: 2022-04-18T00:00:00

Link: CVE-2022-1385

cve-icon Vulnrichment

Updated: 2024-08-03T00:03:06.033Z

cve-icon NVD

Status : Modified

Published: 2022-04-19T21:15:14.103

Modified: 2024-11-21T06:40:37.390

Link: CVE-2022-1385

cve-icon Redhat

No data.