CVE-2023-27265

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

References

Link : https://mattermost.com/security-updates/
Resource : Vendor Advisory

Configurations

Configuration 1

cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

History

07 Nov 2023, 04:09

Type : Summary

Values Removed : Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

Values Added : Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

Information

Published : 2023-02-27 15:15

Updated : 2024-02-28 19:51


NVD link : CVE-2023-27265

Mitre link : CVE-2023-27265

CVE.ORG link : CVE-2023-27265

Products Affected

mattermost

  • mattermost_server

CWE

CWE-668 : Exposure of Resource to Wrong Sphere

CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor