CVE-2024-11599

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 754

Summary

CVE-2024-11599 is a vulnerability affecting Mattermost versions 10.0.1 and lower, 10.1.1 and lower, 9.11.3 and lower, and 9.5.11 and lower. The issue lies in the email address validation process, which fails to properly check user input during email registration. This flaw allows unauthenticated users to bypass email domain restrictions by supplying carefully crafted email addresses. Successful exploitation of this vulnerability could lead to unauthorized account creation and potential data breaches. It is recommended that users upgrade to the latest version of Mattermost to mitigate this risk.


Affected Products

  • Mattermost Server

Affected Vendors

  • Mattermost, Inc.