CVE-2024-10214

Aliases: GHSA-hm57-h27x-599c, GO-2024-3227
Advisory lineage: Upstream: 0, Downstream: 3
Analyzed
Published: 28 Oct 2024, 14:12
Last modified: 28 Oct 2024, 14:55

Vulnerability Summary

  • Overall Risk (default): low (14/100)
  • CVSS Score: 3.5 LOW, v3.1 (cve.org)
  • EPSS Score: 0.36% LOW (0% probability, +0.10%)
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 28 Oct 2024, 14:12: Published (vulnerability first disclosed)
  • 28 Oct 2024, 14:55: Last Modified (vulnerability information updated)

Description

Mattermost versions 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 incorrectly issue two sessions when using desktop SSO: one in the browser and one in the desktop app, with incorrect settings.

CVSS Metrics

  • v4.0 LOW, Score: 2.4, Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
  • v3.1 LOW, Score: 3.5, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

EPSS Trends

Current EPSS score: 0.36% Percentile: 59%

Techniques & Countermeasures

  • CWE-303: Incorrect Implementation of Authentication Algorithm

    The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

Affected Systems

  • github.com/mattermost/mattermost-server

    all

  • github.com/mattermost/mattermost-server/v5

    all

  • github.com/mattermost/mattermost-server/v6

    all

  • github.com/mattermost/mattermost/server/v8

    < 8.0.0-20240821220019-0d6b1070a26f

  • mattermost/mattermost

    ≥ 9.5.0, ≤ 9.5.9 | ≥ 9.11.0, ≤ 9.11.1

References (5)