CVE-2024-11599

Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.2 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Mattermost | CNA | 8.2 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| CISA-ADP | ADP | --- | --- |

EPSS Score: Percentile: 25%

| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost | 10.0.1 ≤ 𝑥 ≤ 10.0.1 |
| mattermost | mattermost | 10.1.1 ≤ 𝑥 ≤ 10.1.1 |
| mattermost | mattermost | 9.11.3 ≤ 𝑥 ≤ 9.11.3 |
| mattermost | mattermost | 9.5.11 ≤ 𝑥 ≤ 9.5.11 |

𝑥 = Vulnerable software versions