An issue exists in Mattermost Server prior to 4.1.0, 4.0.4, and 3.10.3. It allows malicious users to discover team invite IDs via team API endpoints.
mattermost mattermost server