CVE-2023-27265

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
References
Configurations

Configuration 1

cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:52

Type : References
Values Removed : https://mattermost.com/security-updates/ - Vendor Advisory
Values Added : https://mattermost.com/security-updates/ - Vendor Advisory

07 Nov 2023, 04:09

Type : Summary
Values Removed : Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Values Added : Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

Information

Published : 2023-02-27 15:15

Updated : 2024-11-21 07:52


NVD link : CVE-2023-27265

Mitre link : CVE-2023-27265

CVE.ORG link : CVE-2023-27265



Products Affected

mattermost

  • mattermost_server

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-668

Exposure of Resource to Wrong Sphere