Moderate severityNVD Advisory· Published Apr 19, 2022· Updated Dec 6, 2024
Invitation Email is resent as a Reminder after invalidating pending email invites
CVE-2022-1385
Description
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/mattermost/mattermost-server/v6Go | < 6.5.0 | 6.5.0 |
Affected products
3- osv-coords2 versions
< 6.5.0+ 1 more
- (no CPE)range: < 6.5.0
- (no CPE)range: < 6.5.0
- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-fxwj-v664-wv5gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-1385ghsaADVISORY
- hackerone.com/reports/1486820ghsax_refsource_MISCWEB
- mattermost.com/security-updatesghsaWEB
- mattermost.com/security-updates/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.