CVE-2024-11599

Summary

Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost10.0.0 <= 10.0.1affected
MattermostMattermost10.1.0 <= 10.1.1affected
MattermostMattermost9.11.0 <= 9.11.3affected
MattermostMattermost9.5.0 <= 9.5.11affected
MattermostMattermost10.2.0unaffected
MattermostMattermost10.0.2unaffected
MattermostMattermost10.1.2unaffected
MattermostMattermost9.11.4unaffected
MattermostMattermost9.5.12unaffected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References