LOW 2.7 Go
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL
GHSA-3j95-8g47-fpwh · BIT-mattermost-2024-40884 · CVE-2024-40884 · GO-2024-3090
Published · Modified
Description
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to properly enforce permissions, which allows a team admin user without the "Add Team Members" permission to disable the invite URL.