PT-2024-17129 · Mattermost · Mattermost
Jofra
·
Published
2024-11-28
·
Updated
2024-12-03
·
CVE-2024-11599
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 9.5.x through 9.5.11
Mattermost versions 9.11.x through 9.11.3
Mattermost versions 10.0.x through 10.0.1
Mattermost versions 10.1.x through 10.1.1
Description
The issue is related to the improper validation of email addresses, which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration. This can enable remote attacks.
Recommendations
For Mattermost versions 9.5.x through 9.5.11, upgrade to a version higher than 9.5.11 to patch the issue.
For Mattermost versions 9.11.x through 9.11.3, upgrade to a version higher than 9.11.3 to patch the issue.
For Mattermost versions 10.0.x through 10.0.1, upgrade to a version higher than 10.0.1 to patch the issue.
For Mattermost versions 10.1.x through 10.1.1, upgrade to a version higher than 10.1.1 to patch the issue.
Fix
Improper Check for Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost