Improper Invalidation of Pending Email Invitations in Mattermost 6.4.x and Earlier
CVE-2022-1385 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
Learn more about our Cis Benchmark Audit For Google Workspace.