Описание
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mattermost-server | itp | package |
Связанные уязвимости
CVSS3: 4.2
nvd
почти 3 года назад
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
CVSS3: 5.4
github
почти 3 года назад
Mattermost fails to properly authentication inviter's permissions to private channel