CVE-2023-1774
published 2023-03-31CVE-2023-1774: When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to…
medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 3.3.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server | >= 7.1.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server | >= 7.7.0 < 7.7.2 | 7.7.2 |
| github.com | mattermost_mattermost-server_v5 | >= 5.0.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server_v6 | >= 6.0.0 < 7.1.6 | 7.1.6 |
| mattermost | mattermost | < 7.8.0 | 7.8.0 |
| mattermost | mattermost | <= 7.7.1 | — |
| mattermost | mattermost_server | < 7.1.6 | 7.1.6 |
| mattermost | mattermost_server | — | — |
| msrc | microsoft_edge | — | — |