Improper Invalidation of Pending Email Invitations in Mattermost 6.4.x and Earlier

Improper Invalidation of Pending Email Invitations in Mattermost 6.4.x and Earlier

CVE-2022-1385 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.

Learn more about our Cis Benchmark Audit For Google Workspace.