4 matches found
CVE-2024-1888
Mattermost fails to check the "inviteguest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server...
CVE-2024-1888 Existing server guests invited to the team by members without "invite_guest" permission
Mattermost fails to check the "inviteguest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server...
CVE-2024-1888 Existing server guests invited to the team by members without "invite_guest" permission
Mattermost fails to check the "inviteguest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server...
CVE-2024-1888
CVE-2024-1888 relates to Mattermost. Connected OSV advisory GO-2024-2593 confirms a bug where Mattermost fails to check the invite_guest permission in github.com/mattermost/mattermost-server, enabling a user with some permissions to add guests under specific circumstances. Affected module/version...