Improper Control of a Resource Through its Lifetime in Mattermost

GHSA-fxwj-v664-wv5g · BIT-mattermost-2022-1385 · CVE-2022-1385 · GO-2022-0599

Published Apr 20, 2022 · Modified Aug 21, 2024

Description

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-1385
WEB https://hackerone.com/reports/1486820
PACKAGE https://github.com/mattermost/mattermost-server
WEB https://mattermost.com/security-updates

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes