CVE-2024-42411

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 22, 2024
Updated: Aug 23, 2024
CWE ID 754

Summary

CVE-2024-42411 affects multiple versions of Mattermost, specifically 9.9.x up to 9.9.1, 9.5.x up to 9.5.7, 9.10.x up to 9.10.0, and 9.8.x up to 9.8.2, due to inadequate input restrictions in the POST /api/v4/users endpoint allowing users to manipulate account creation dates. This vulnerability poses a medium severity risk as it could mislead administrators into believing that a user account is older than it actually is, potentially aiding in social engineering attacks or unauthorized access attempts by impersonating legitimate users with longer-standing accounts. To remediate this issue, organizations should upgrade to the latest versions of Mattermost that address this vulnerability as outlined in vendor advisories available at Mattermost's security updates page. The exploitation of this vulnerability does not require elevated privileges or user interaction but operates over a network, highlighting the need for regular software updates and vigilant monitoring of user activity within corporate environments. Failure to address this issue may result in reputational damage or security breaches that compromise sensitive organizational data.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share