CVE-2021-37862

2021-12-1717:15:12

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.

CPENameOperatorVersion
mattermost-servereq5.0.0-rc6
mattermost-servereq3.0.2
mattermost-servereq5.3.0-rc2
mattermost-servereqcloud-2021-04-22-1
mattermost-servereq3.7.0
mattermost-servereq4.7.3-rc1
mattermost-servereqcloud-2021-03-23-1
mattermost-servereq5.1.0-rc3
mattermost-servereq3.5.1
mattermost-servereq2.0.0

Name	Operator	Version
mattermost-server	eq	5.0.0-rc6
mattermost-server	eq	3.0.2
mattermost-server	eq	5.3.0-rc2
mattermost-server	eq	cloud-2021-04-22-1
mattermost-server	eq	3.7.0
mattermost-server	eq	4.7.3-rc1
mattermost-server	eq	cloud-2021-03-23-1
mattermost-server	eq	5.1.0-rc3
mattermost-server	eq	3.5.1
mattermost-server	eq	2.0.0