CVSS 3.1 Score 5.3 of 10 (medium)


Published Jul 3, 2024
Updated: Jul 5, 2024
CWE ID 284


CVE-2024-6428 is a vulnerability that affects Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, and 9.5.x <= 9.5.5. It allows an attacker to specify both a remoteId and the user ID when creating a new user, resulting in the creation of a user with a user-defined user ID. This can lead to broken functionality in User Management, such as administrative actions against the user not working properly.

The vulnerability has a base severity rating of MEDIUM and does not require any privileges or user interaction to exploit. The attack vector is the network, with low attack complexity and low availability impact.

Remediation is not specified in the information available for this entry. Affected organizations should consider updating their Mattermost versions to address the issue and prevent potential exploitation, and should consult official sources for comprehensive remediation steps.
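The affected version ranges listed above can be checked against a deployment inventory. This is an added example, not part of the original entry or of Mattermost's code. The host names and inventory are constructed, and branches the entry does not mention are reported as not listed rather than assumed safe.

```python
import re

# Affected ranges as stated in this entry: (major, minor) -> highest affected patch.
# 9.8 is affected at 9.8.0 only; the other branches up to the listed patch level.
AFFECTED = {(9, 8): 0, (9, 7): 4, (9, 6): 2, (9, 5): 5}

# Accepts "9.7.4", "v9.7.4" and suffixed builds such as "9.8.0-rc1".
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch); a build or pre-release suffix is ignored."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(version):
    """Classify one Mattermost version string against the ranges above."""
    major, minor, patch = parse_version(version)
    max_patch = AFFECTED.get((major, minor))
    if max_patch is None:
        # The entry says nothing about this branch; check the vendor advisory.
        return "not-listed"
    return "affected" if patch <= max_patch else "outside-affected-range"


def triage(inventory):
    """Map each host to its classification; bad version strings are flagged."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "chat-prod": "9.7.4",
    "chat-stage": "v9.8.1",
    "chat-dev": "9.8.0-rc1",
    "chat-legacy": "9.4.3",
    "chat-unknown": "latest",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A suffixed build such as `9.8.0-rc1` is treated as its base version, which errs toward flagging it.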
