Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions.
References
History

Fri, 13 Dec 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mattermost mattermost Server
Weaknesses CWE-306
CPEs cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:9.5.0:*:*:*:*:*:*:*
Vendors & Products Mattermost mattermost Server

cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-03-15T09:12:28.880Z

Updated: 2024-08-02T20:35:32.666Z

Reserved: 2024-03-14T12:57:05.854Z

Link: CVE-2024-2450

cve-icon Vulnrichment

Updated: 2024-08-02T20:35:25.518Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-15T10:15:08.467

Modified: 2024-12-13T16:39:12.887

Link: CVE-2024-2450

cve-icon Redhat

No data.