CVE-2022-1385
Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
CVSS 3.1 base score: 4.6 (MEDIUM). EPSS: 0.17%.
Description
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the invalidation is performed from the System Console. As a result, users who were invited by accident can still accept the stale invitation, join the workspace, and access information in the public teams and channels.
How to fix CVE-2022-1385
To remediate CVE-2022-1385, upgrade the affected package to a fixed version below.
- —upgrade to 6.5.0 or later
- —no fix listed
- —no fix listed
- —upgrade to 6.5.0 or later
- —upgrade to 6.5.0 or later
Is CVE-2022-1385 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 6.5.0
- from 0
- from 0
- from 0, < 6.5.0
- from 0, < 6.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (4.6) | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |