Information Disclosure Vulnerability in Mattermost's Regenerate Invite Id API Endpoint
CVE-2023-27265 · LOW Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Learn more about our Api Penetration Testing.