Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.
References
History

Fri, 29 Nov 2024 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Mattermost; Mattermost mattermost |
| CPEs | | `cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Mattermost; Mattermost mattermost |
| Metrics | | ssvc: `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Thu, 28 Nov 2024 10:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration. |
| Title | | Domain Restriction Bypass on Registration |
| Weaknesses | | CWE-754 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}` |


MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-11-28T09:42:48.141Z

Updated: 2024-11-29T19:55:00.509Z

Reserved: 2024-11-21T16:26:32.694Z

Link: CVE-2024-11599

Vulnrichment

Updated: 2024-11-29T19:54:53.238Z

NVD

Status: Received

Published: 2024-11-28T10:15:06.657

Modified: 2024-11-28T10:15:06.657

Link: CVE-2024-11599

Redhat

No data.