Security Advisory

CVE-2023-1774

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-31 11:14:00

Last updated 2024-12-06 23:05:52

Assigner Mattermost

State PUBLISHED

Description

When processing an email invite to a private channel on a team, Mattermost fails to validate the inviters permission to that channel, allowing an attacker to invite themselves to a private channel.

← Browse all CVEs View on cve.org ↗