CVE-2021-37862

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.0 and earlier

Description: The issue is related to insufficient validation of email addresses during the registration process. This allows attackers to trick users into signing up with attacker-controlled email addresses by using crafted invitation tokens.

Recommendations: For versions 6.0 and earlier, consider temporarily restricting the use of invitation tokens until a proper validation mechanism is implemented to prevent the exploitation of this issue. As a mitigation measure, closely monitor user registration activities to detect potential abuse. At the moment, there is no information about a newer version that contains a fix for this vulnerability.