CVE-2023-27265 - Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server

CVSS 2.7 - LOW
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, mattermost, CWE-668

Summary

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

Vulnerable Configurations

Part          Description   Count
Application   Mattermost    308

Common Weakness Enumeration (CWE)