PT-2024-26932 · Mattermost · Mattermost

Doyensec · Published 2024-11-09 · Updated 2024-11-15 · CVE-2024-36250

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost versions 9.11.x through 9.11.2
Mattermost versions 9.5.x through 9.5.10

Description

The issue allows an attacker to reuse the MFA code within ~30 seconds due to a failure to protect the MFA code against replay attacks.

Recommendations

For versions 9.11.x through 9.11.2, update to a version later than 9.11.2 to resolve the issue. For versions 9.5.x through 9.5.10, update to a version later than 9.5.10 to resolve the issue. As a temporary workaround, consider restricting access to MFA-protected resources until a patch is available.

Related Identifiers

BIT-MATTERMOST-2024-36250
CVE-2024-36250

Affected Products

Mattermost