CVE-2023-27265
published 2023-02-27CVE-2023-27265: Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team…
low2.7CVSS 3.1
AVNACLPRHUINSUCLINAN
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | >= 5.12.0 < 7.7.0 | 7.7.0 |
| mattermost | mattermost_server | >= 5.12.0 < 7.7.0 | 7.7.0 |