Email Address Validation Vulnerability Affects Mattermost Versions
CVE-2024-11599

8.2HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 28 November 2024

Summary

A flaw in certain versions of Mattermost allows an unauthenticated user to exploit improper email address validation during the registration process. This vulnerability permits the bypassing of email domain restrictions, which may lead to unauthorized access or impersonation risks. Organizations using affected versions should review their security measures and apply necessary updates to safeguard their platforms.

Affected Version(s)

Mattermost 10.0.0 <= 10.0.1

Mattermost 10.1.0 <= 10.1.1

Mattermost 9.11.0 <= 9.11.3

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 28, 2024
Vulnerability Reserved
Nov 21, 2024

Credit

jofra (v_jofra)