Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console,…
Mattermost · CWE-664 · Published 2022-04-19
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| 3.1 | Primary | NVD | 4.6 | 2.1 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| 3.1 | Primary | cve.org | 3.7 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N |
| 3.1 | Secondary | GHSA | 4.6 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| 3.1 | Secondary | NVD | 3.7 | 1.2 | 2.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N |