Incorrect Authorization

Mattermost is vulnerable to Improper Authorization. The vulnerability is due to authenticated users with restricted invite rights being able to add guest users to a team via the API, bypassing intended access controls...