PT-2024-16119 · Mattermost+1

Ben Cooke · Published 2024-10-28 · Updated 2024-11-05 · CVE-2024-10214

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost versions 9.5.x through 9.5.9
Mattermost versions 9.11.x through 9.11.1

Description

The issue arises when using desktop SSO, where Mattermost incorrectly issues two sessions: one in the browser and one in the desktop application, both with incorrect settings.

Recommendations

For versions 9.5.x through 9.5.9, update to the latest release to mitigate the risk.
For versions 9.11.x through 9.11.1, update to the latest release to mitigate the risk.
As a temporary workaround, consider restricting the use of desktop SSO until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

CVE-2024-10214
GHSA-HM57-H27X-599C
GO-2024-3227
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14447-1
OPENSUSE-SU-2024_3911-1
SUSE-SU-2024:3911-1

Affected Products

Mattermost
Suse