Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-02-29T08:08:08.272Z
Updated: 2024-08-01T18:56:22.307Z
Reserved: 2024-02-26T09:37:53.013Z
Link: CVE-2024-1888
Vulnrichment
Updated: 2024-08-01T18:56:22.307Z
NVD
Status : Awaiting Analysis
Published: 2024-02-29T09:15:06.563
Modified: 2024-02-29T13:49:29.390
Link: CVE-2024-1888
Redhat
No data.