CVE-2022-1385: Improper Control of a Resource Through its Lifetime in Mattermost

April 20, 2022 (updated April 26, 2022)

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.

References

github.com/advisories/GHSA-fxwj-v664-wv5g
hackerone.com/reports/1486820
mattermost.com/security-updates/
nvd.nist.gov/vuln/detail/CVE-2022-1385

Detect and mitigate CVE-2022-1385 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →