Mattermost MFA code vulnerability
CVE-2024-36250

4.8MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 9 November 2024

Summary

Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds

Affected Version(s)

Mattermost 9.11.0 <= 9.11.2

Mattermost 9.5.0 <= 9.5.10

Mattermost 10.1.0

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Nov 5, 2024

Credit

DoyenSec