{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T00:46:49.401","vulnerabilities":[{"cve":{"id":"CVE-2022-1385","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2022-04-19T21:15:14.103","lastModified":"2024-11-21T06:40:37.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels."},{"lang":"es","value":"Mattermost versiones 6.4.x y anteriores no invalidan apropiadamente las invitaciones por correo electrónico pendientes cuando la acción es llevada a cabo desde la consola del sistema, lo que permite a usuarios invitados accidentalmente unirse al espacio de trabajo y acceder a la información de los equipos y canales públicos"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-664"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5.0","matchCriteriaId":"F4F225C4-48B7-456B-ABD4-1FD2ADD47668"}]}]}],"references":[{"url":"https://hackerone.com/reports/1486820","source":"responsibledisclosure@mattermost.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://mattermost.com/security-updates/","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/1486820","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://mattermost.com/security-updates/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}