CVE-2024-11599

EUVD-2024-34064
Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.2 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Mattermost | CNA | 8.2 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
EPSS Score
Percentile: 25%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost | 10.0.1 ≤ 𝑥 ≤ 10.0.1 |
| mattermost | mattermost | 10.1.1 ≤ 𝑥 ≤ 10.1.1 |
| mattermost | mattermost | 9.11.3 ≤ 𝑥 ≤ 9.11.3 |
| mattermost | mattermost | 9.5.11 ≤ 𝑥 ≤ 9.5.11 |
| mattermost | mattermost_server | 9.5.0 ≤ 𝑥 < 9.5.12 |
| mattermost | mattermost_server | 9.11.0 ≤ 𝑥 < 9.11.4 |
| mattermost | mattermost_server | 10.0.0 ≤ 𝑥 < 10.0.2 |
| mattermost | mattermost_server | 10.1.0 ≤ 𝑥 < 10.1.2 |

𝑥 = Vulnerable software versions