Описание
Mattermost fails to properly authentication inviter's permissions to private channel
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
Issue Identifier: MMSA-2023-00137
Пакеты
github.com/mattermost/mattermost-server
>= 3.3.0, <= 4.10.10
7.1.6
github.com/mattermost/mattermost-server
>= 7.7.0, <= 7.7.1
7.7.2
github.com/mattermost/mattermost-server
>= 7.1.0, <= 7.1.5
7.1.6
github.com/mattermost/mattermost-server/v5
>= 5.0.0, <= 5.39.3
7.1.6
github.com/mattermost/mattermost-server/v6
>= 6.0.0, <= 6.7.2
7.1.6
Связанные уязвимости
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
When processing an email invite to a private channel on a team, Matter ...