CVE-2024-36250
EUVD-2024-3599909.11.2024, 18:15
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 secondsEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 9.5.0 ≤ 𝑥 < 9.5.11 |
| mattermost | mattermost_server | 9.11.0 ≤ 𝑥 < 9.11.3 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 9.11.0 ≤ 𝑥 ≤ 9.11.2 | CNA |
| mattermost | mattermost | 9.5.0 ≤ 𝑥 ≤ 9.5.10 | CNA |
Common Weakness Enumeration
- CWE-303 - Incorrect Implementation of Authentication AlgorithmThe requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
- CWE-294 - Authentication Bypass by Capture-replayA capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
References