CVE-2022-1385

Опубликовано: 19 апр. 2022

Источник: nvd

CVSS3: 3.7

CVSS3: 4.6

CVSS2: 5.8

EPSS Низкий

Описание

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.

Ссылки

https://hackerone.com/reports/1486820
Exploit
Third Party Advisory
https://mattermost.com/security-updates/
Vendor Advisory
https://hackerone.com/reports/1486820
Exploit
Third Party Advisory
https://mattermost.com/security-updates/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Версия до 6.5.0 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

3.7 Low

CVSS3

4.6 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-664

CWE-668

Связанные уязвимости

CVE-2022-1385

CVSS3: 3.7

debian

почти 4 года назад

Mattermost 6.4.x and earlier fails to properly invalidate pending emai ...

GHSA-fxwj-v664-wv5g

CVSS3: 4.6

github

почти 4 года назад

Improper Control of a Resource Through its Lifetime in Mattermost

EPSS

Процентиль: 38%

0.00168

Низкий

3.7 Low

CVSS3

4.6 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-664

CWE-668