Information Disclosure Vulnerability in Mattermost's Regenerate Invite Id API Endpoint

CVE-2023-27265 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Mattermost fails to honor the ShowEmailAddress setting when constructing the response of the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address from that response.
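The flaw described above, as an added Go example that is not Mattermost's code: it contrasts a response built without consulting ShowEmailAddress with one that clears the email first, plus a regression check on the serialized body. `Team`, `PrivacySettings`, `unsafeResponse`, `safeResponse` and `leaksEmail` are hypothetical names, and the sample team is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Team is a simplified, hypothetical stand-in for the object the endpoint returns.
type Team struct {
	ID       string `json:"id"`
	Name     string `json:"name"`
	Email    string `json:"email,omitempty"`
	InviteID string `json:"invite_id"`
}

// PrivacySettings models only the ShowEmailAddress setting named in the advisory.
type PrivacySettings struct{ ShowEmailAddress bool }

// unsafeResponse reproduces the flaw: the stored team is serialized as-is,
// so the owner's email is returned whatever the privacy setting says.
func unsafeResponse(t Team, _ PrivacySettings) ([]byte, error) {
	return json.Marshal(t)
}

// safeResponse applies the setting to a copy (t is passed by value) before serializing.
func safeResponse(t Team, p PrivacySettings) ([]byte, error) {
	if !p.ShowEmailAddress {
		t.Email = ""
	}
	return json.Marshal(t)
}

// leaksEmail is a regression check: does the body carry a non-empty "email" field?
func leaksEmail(body []byte) bool {
	var m map[string]interface{}
	if err := json.Unmarshal(body, &m); err != nil {
		return false
	}
	e, ok := m["email"].(string)
	return ok && e != ""
}

func main() {
	team := Team{ID: "t1", Name: "eng", Email: "owner@example.test", InviteID: "new-invite-id"} // constructed sample
	hidden := PrivacySettings{ShowEmailAddress: false}
	bad, _ := unsafeResponse(team, hidden)
	good, _ := safeResponse(team, hidden)
	fmt.Println("unsafe leaks:", leaksEmail(bad), "safe leaks:", leaksEmail(good))
}
```

A check like `leaksEmail` fits in an API integration test that runs with ShowEmailAddress disabled and inspects every endpoint that returns a team object.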
