Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions.
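The page does not say what the "specific conditions" were or show the affected code, so the following is an added illustration of the weakness class (CWE-306, a sensitive account operation whose target is taken from the request body rather than from the authenticated session), not Mattermost's code. Everything in it is hypothetical: the `User`/`Session`/`SwitchRequest` types, the in-memory `Store`, the two constructed accounts, and the salted SHA-256 stand-in for a real password hash. `SwitchToSAMLUnchecked` shows the vulnerable shape, where an authenticated caller can name any email and flip that account to SAML; `SwitchToSAMLChecked` shows the hardened shape, where ownership is derived from the session, the body may only confirm it, and the current password is re-verified before the login method changes.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// User is a hypothetical account record; it is not Mattermost's data model.
type User struct {
	ID          string
	Email       string
	AuthService string   // "" means email/password login, "saml" once switched
	AuthData    string   // subject identifier expected from the IdP after the switch
	PassHash    [32]byte // demo only: real code uses bcrypt/argon2, not salted SHA-256
}

// Session is the identity the server has already authenticated for this request.
type Session struct{ UserID string }

// SwitchRequest is the constructed body of an "email -> SAML" switch call.
// Every field is attacker-controlled, so it must never be the sole source of
// truth for which account gets modified.
type SwitchRequest struct {
	Email    string
	Password string
}

// Store is a minimal in-memory user table indexed by ID and by email.
type Store struct {
	byID    map[string]*User
	byEmail map[string]*User
}

var (
	ErrNotFound     = errors.New("user not found")
	ErrForbidden    = errors.New("switch request does not belong to the authenticated user")
	ErrBadPassword  = errors.New("current password verification failed")
	ErrNotEmailAuth = errors.New("account is not using email authentication")
)

// HashPassword is a stand-in for a slow password hash (demo only).
func HashPassword(p string) [32]byte { return sha256.Sum256([]byte("demo-salt:" + p)) }

func NewStore(users ...*User) *Store {
	s := &Store{byID: map[string]*User{}, byEmail: map[string]*User{}}
	for _, u := range users {
		s.byID[u.ID] = u
		s.byEmail[u.Email] = u
	}
	return s
}

// Lookup returns the account registered under email, or nil.
func (s *Store) Lookup(email string) *User { return s.byEmail[email] }

// SwitchToSAMLUnchecked is the vulnerable shape: the target account is resolved
// purely from the request body and is never tied to the session, so any
// authenticated user can name someone else's email and move that account to SAML.
func (s *Store) SwitchToSAMLUnchecked(_ Session, req SwitchRequest) error {
	u, ok := s.byEmail[req.Email]
	if !ok {
		return ErrNotFound
	}
	if u.AuthService != "" {
		return ErrNotEmailAuth
	}
	u.AuthService = "saml"
	u.AuthData = req.Email
	return nil
}

// SwitchToSAMLChecked is the hardened shape: ownership comes from the session,
// the body may only confirm it, and the current password is re-verified before
// the login method changes. Looking up by session ID rather than by submitted
// email also keeps the endpoint from acting as an email-enumeration oracle.
func (s *Store) SwitchToSAMLChecked(sess Session, req SwitchRequest) error {
	u, ok := s.byID[sess.UserID]
	if !ok || u.Email != req.Email {
		return ErrForbidden
	}
	if u.AuthService != "" {
		return ErrNotEmailAuth
	}
	h := HashPassword(req.Password)
	if subtle.ConstantTimeCompare(h[:], u.PassHash[:]) != 1 {
		return ErrBadPassword
	}
	u.AuthService = "saml"
	u.AuthData = req.Email
	return nil
}

// DemoStore builds two constructed accounts for the walkthrough in main.
func DemoStore() *Store {
	return NewStore(
		&User{ID: "u-victim", Email: "victim@example.test", PassHash: HashPassword("victim-secret")},
		&User{ID: "u-attacker", Email: "attacker@example.test", PassHash: HashPassword("attacker-secret")},
	)
}

func main() {
	attacker := Session{UserID: "u-attacker"}
	crafted := SwitchRequest{Email: "victim@example.test", Password: "anything"}

	s := DemoStore()
	err := s.SwitchToSAMLUnchecked(attacker, crafted)
	fmt.Printf("unchecked: err=%v victim auth=%q\n", err, s.Lookup("victim@example.test").AuthService)

	s = DemoStore()
	err = s.SwitchToSAMLChecked(attacker, crafted)
	fmt.Printf("checked:   err=%v victim auth=%q\n", err, s.Lookup("victim@example.test").AuthService)
}
```

The check that matters is the comparison against `sess.UserID`: a handler that only confirms the caller is logged in, and then trusts the email in the body, satisfies "authenticated" without establishing "authorized for this account". Re-verifying the password is the second guard, since changing the authentication method is as sensitive as changing the password itself.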
References
Link | Providers |
---|---|
https://mattermost.com/security-updates | |
History
Fri, 13 Dec 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | | Mattermost mattermost Server |
Weaknesses | | CWE-306 |
CPEs | | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost_server:9.5.0:*:*:*:*:*:*:* |
Vendors & Products | | Mattermost mattermost Server |
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-03-15T09:12:28.880Z
Updated: 2024-08-02T20:35:32.666Z
Reserved: 2024-03-14T12:57:05.854Z
Link: CVE-2024-2450
Vulnrichment
Updated: 2024-08-02T20:35:25.518Z
NVD
Status : Analyzed
Published: 2024-03-15T10:15:08.467
Modified: 2024-12-13T16:39:12.887
Link: CVE-2024-2450
Redhat
No data.