In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
NVD
GitHub
CVSS 3.1
8.1
EPSS
0.3%