CVE-2024-48872

Published Dec 16, 2024

Last updated 2 months ago

CVSS medium 4.8

Overview

Description
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests
Source
responsibledisclosure@mattermost.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.8
Impact score
2.5
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

responsibledisclosure@mattermost.com
CWE-362

Social media

Hype score
Not currently trending

  1. CVE-2024-48872 Concurrent Login Attempts Bypass in Mattermost Below Version 10.1.3 Mattermost versions 10.1.x up to 10.1.2, 10.0.x up to 10.0.2, 9.11.x up to 9.11.4, and 9.5.x up to 9.5.12 have a flaw. They do no... https://t.co/UvWwzarrPg

    @VulmonFeeds

    16 Dec 2024

    47 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

References