Vulnerabilities > CVE-2022-1385 - Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE

Summary

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.

Vulnerable Configurations

Part Description Count
Application
Mattermost
608

Common Weakness Enumeration (CWE)