CVE-2022-1385: Invitation Email is resent as a Reminder after invalidating pending email invites
First published: Tue Apr 19 2022(Updated: )
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost Server | <6.5.0 |
Remedy
Update Mattermost to version v6.5 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Mattermost?
The vulnerability ID for Mattermost is CVE-2022-1385.
What is the severity level of CVE-2022-1385?
The severity level of CVE-2022-1385 is medium with a score of 4.6.
How does Mattermost 6.4.x and earlier fail to invalidate pending email invitations?
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console.
What are the potential consequences of the vulnerability?
The vulnerability allows accidentally invited users to join the workspace and access information from the public teams and channels.
How can I fix the vulnerability in Mattermost?
To fix the vulnerability in Mattermost, upgrade to version 6.5.0 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/remedy
- agent/tags
- agent/event
- vendor/mattermost
- canonical/mattermost mattermost server