Lucene search

MattermostVULNRICHMENT:CVE-2024-2450

HistoryMar 15, 2024 - 9:12 a.m.

CVE-2024-2450

2024-03-1509:12:28

CWE-287

Mattermost

github.com

mattermost

account takeover

saml

authentication

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions.

CNA Affected

[
  {
    "vendor": "Mattermost",
    "product": "Mattermost",
    "versions": [
      {
        "status": "affected",
        "version": "9.5.0"
      },
      {
        "status": "affected",
        "version": "9.4.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.4.2"
      },
      {
        "status": "affected",
        "version": "9.3.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.3.1"
      },
      {
        "status": "affected",
        "version": "9.2.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.2.5"
      },
      {
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver",
        "lessThanOrEqual": "8.1.9"
      },
      {
        "status": "unaffected",
        "version": "9.6.0"
      },
      {
        "status": "unaffected",
        "version": "9.4.3"
      },
      {
        "status": "unaffected",
        "version": "9.5.1"
      },
      {
        "status": "unaffected",
        "version": "9.3.2"
      },
      {
        "status": "unaffected",
        "version": "9.2.6"
      },
      {
        "status": "unaffected",
        "version": "8.1.10"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*"
    ],
    "vendor": "mattermost",
    "product": "mattermost",
    "versions": [
      {
        "status": "affected",
        "version": "9.5.0",
        "lessThan": "9.6.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "9.4.0",
        "lessThan": "9.4.3",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "9.3.0",
        "lessThan": "9.3.2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "9.2.0",
        "lessThan": "9.2.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "8.1.0",
        "lessThan": "8.1.10",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

mattermost.com/security-updates

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-2450