CVE-2024-10214 — Incorrect Implementation of Authentication Algorithm in Mattermost Mattermost Server V8

CWE-303 — Incorrect Implementation of Authentication Algorithm5 documents4 sources

Severity

3.5LOWNVD

EPSS

0.4%

top 41.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost Server V8 Mattermost

Timeline

PublishedOct 28

Latest updateOct 30

Description

Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages3 packages

▶Gogithub.com/mattermost_mattermost_server_v8< 8.0.0-20240821220019-0d6b1070a26f

▶CVEListV5mattermost/mattermost9.11.0 — 9.11.1+1

▶NVDmattermost/mattermost9.5.0 — 9.5.9+1

🔴Vulnerability Details

OSV

Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server↗2024-10-30

▶

CVEList

Incorrect Session Creation with Desktop SSO↗2024-10-28

▶

OSV

Mattermost incorrectly issues two sessions when using desktop SSO↗2024-10-28

▶

GHSA

Mattermost incorrectly issues two sessions when using desktop SSO↗2024-10-28

▶