Vulnerabilities > CVE-2022-1385 - Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server

047910
CVSS 4.6 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
mattermost
CWE-668
NVD
Published: 2022-04-19
Updated: 2022-04-27

Summary

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.

Vulnerable Configurations

Part Description Count
Application
Mattermost
615

Common Weakness Enumeration (CWE)

References