CVE-2024-11599

HIGH

Mattermost <10.0.1-9.5.11 - Info Disclosure

Title source: llm

Description

Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.

References (1)

[Vendor Advisory] https://mattermost.com/security-updates

Scores

CVSS v3 8.2

EPSS 0.0007

EPSS Percentile 21.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-754

Status published

Products (1)

mattermost/mattermost_server 9.5.0 - 9.5.12

Published Nov 28, 2024

Tracked Since Feb 18, 2026