CVE-2024-36250
published 2024-11-09
medium 4.8 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the MFA code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | 9.11.0 – 9.11.2 | — |
| mattermost | mattermost | 9.5.0 – 9.5.10 | — |
| mattermost | mattermost_server | >= 9.11.0 < 9.11.3 | 9.11.3 |
| mattermost | mattermost_server | >= 9.5.0 < 9.5.11 | 9.5.11 |