MEDIUM 5.3 Go
Mattermost Server exposes team invite IDs through API endpoints
GHSA-jwfv-5hwq-f97r · CVE-2017-18902 · GO-2025-4185
Published · Modified
Description
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
References
Ready to move
Start Securing
Free, no credit card | First findings in minutes