CVE-2024-11599

mattermost_server vulnerability - mattermost

High CVSS Score: 8.2 Published: 2024-11-28

Description

Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.

Affected Systems

Vendor	mattermost
Product	mattermost_server
Affected Versions	from 9.5.0 before 9.5.12; from 9.11.0 before 9.11.4; from 10.0.0 before 10.0.2; from 10.1.0 before 10.1.2
CWE ID	CWE-754

Mitigation

Apply the latest security patches from the vendor, restrict network exposure where applicable, and monitor for exploitation attempts.

Fix Instructions

Refer to the vendor advisory and apply the latest security updates. See references for detailed patching instructions.

References

https://mattermost.com/security-updates...

Risk Assessment

CVSS: 8.2/10

Exploit Available	Unknown
Patch Available	Yes

Need Help Patching?

Our security team can help assess and remediate this vulnerability in your environment.

Get Help

Stay Ahead of Threats

Subscribe to our vulnerability feed and get instant alerts when new CVEs affect your systems.

Start Monitoring