
Mr_Anon

#44642 of 53,634
5.8 Total CVSS
Vulnerabilities · 1
PT-2022-13846
5.8
2022-04-19
Mattermost · Mattermost · CVE-2022-1385
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions 6.4.x and earlier

**Description**
The issue arises from the failure to properly invalidate pending email invitations when the action is performed from the system console. This allows accidentally invited users to join the workspace and access information from public teams and channels. The problem is related to improper control of a resource through its lifetime in Mattermost.

**Recommendations**
For Mattermost versions 6.4.x and earlier, consider restricting access to public teams and channels until a proper fix is applied to prevent accidentally invited users from accessing sensitive information. As a temporary workaround, manually invalidate pending email invitations to prevent unauthorized access.