CVE-2024-5270

Name of the Vulnerable Software and Affected Versions Mattermost versions 8.1.x through 8.1.12 Mattermost versions 9.5.x through 9.5.3 Mattermost versions 9.6.x through 9.6.1 Mattermost versions 9.7.x through 9.7.1

Description The issue arises from the failure to check if the email signup configuration option is enabled when a user requests to switch from SAML to email authentication. This allows a user to switch their authentication method and potentially edit personal details that were otherwise non-editable and provided by the SAML provider.

Recommendations For Mattermost versions 8.1.x through 8.1.12, update to a version later than 8.1.12 to resolve the issue. For Mattermost versions 9.5.x through 9.5.3, update to a version later than 9.5.3 to resolve the issue. For Mattermost versions 9.6.x through 9.6.1, update to a version later than 9.6.1 to resolve the issue. For Mattermost versions 9.7.x through 9.7.1, update to a version later than 9.7.1 to resolve the issue.