CVE-2024-48872

Name of the Vulnerable Software and Affected Versions Mattermost versions 9.5.x through 9.5.12 Mattermost versions 9.11.x through 9.11.4 Mattermost versions 10.0.x through 10.0.2 Mattermost versions 10.1.x through 10.1.2

Description The issue allows an attacker to bypass the "Max failed attempts" restriction by sending multiple login requests simultaneously, which can lead to a large number of login attempts before being blocked. This is due to the software's failure to prevent concurrent checking and updating of failed login attempts.

Recommendations For versions 9.5.x through 9.5.12, update to a version newer than 9.5.12 to resolve the issue. For versions 9.11.x through 9.11.4, update to a version newer than 9.11.4 to resolve the issue. For versions 10.0.x through 10.0.2, update to a version newer than 10.0.2 to resolve the issue. For versions 10.1.x through 10.1.2, update to a version newer than 10.1.2 to resolve the issue.