CVE-2023-1774 Information

Description

When processing an email invite to a private channel on a team Mattermost fails to validate the inviter’s permission to that channel allowing an attacker to invite themselves to a private channel.

Reference

https://mattermost.com/security-updates/