Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
History

Fri, 06 Dec 2024 23:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-02-27T14:46:23.494Z

Updated: 2024-12-06T23:06:38.055Z

Reserved: 2023-02-27T14:31:01.786Z

Link: CVE-2023-27265

Vulnrichment

Updated: 2024-08-02T12:09:42.689Z

NVD

Status: Modified

Published: 2023-02-27T15:15:11.997

Modified: 2024-11-21T07:52:33.653

Link: CVE-2023-27265

Redhat

No data.