CVE-2023-1774

Published: Mar 31, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1774" target="_blank" rel="noopener"> CVE-2023-1774
GHSA: <a href="https://github.com/advisories/GHSA-9hj7-v56g-rhf6" target="_blank" rel="noopener"> GHSA-9hj7-v56g-rhf6
Severity: Medium
Exploit:

When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.

CVSS v3:

CWEs: