Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.6 views

CVE-2024-48872

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, and 9.5.x = 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being...

4.8CVSS6.8AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 8:15 a.m.16 views

CVE-2024-48872

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, and 9.5.x = 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being...

4.8CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2024/12/16 8:1 a.m.54 views

CVE-2024-48872

Mattermost server CVE-2024-48872 affects 9.5.x (up to 9.5.12), 9.11.x (up to 9.11.4), 10.0.x (up to 10.0.2), and 10.1.x (up to 10.1.2). The issue is a race condition where concurrent login attempts are not prevented from updating the failure counter, allowing an attacker to bypass the Max failed ...

4.8CVSS5.2AI score0.00247EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/16 8:1 a.m.6 views

CVE-2024-48872 Bypass of "Max failed attempts" restriction via race condition

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, and 9.5.x = 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being...

4.8CVSS6.9AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/16 8:1 a.m.37 views

CVE-2024-48872 Bypass of "Max failed attempts" restriction via race condition

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, and 9.5.x = 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being...

4.8CVSS0.00247EPSS
Exploits0References1
Rows per page
Query Builder