VDB
CVE-2024-48872
CVE-2024-48872
PUBLISHED
CVSS 4.800000190734863 MEDIUM
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests
EPSS 0.09% · 24.7th percentile
Risk Scores
CVSS v3.1
4.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.09%
24.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | mattermost/mattermost/server/v8 | 9.11.0, 10.0.0, 9.5.0 |
| mattermost | mattermost_server | 9.5.0, 10.0.0, 9.11.0 |
| Mattermost | Mattermost | 10.0.0, 10.0.0, 10.1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-48872 (circl-sighting)
- CIRCL seen: CVE-2024-48872 (circl-sighting)
- https://mattermost.com/security-updates (circl)
Timeline
- Dec 16, 2024 CVE Published
- Dec 16, 2024 PoC Published
- Dec 16, 2024 PoC Published
- Dec 17, 2024 EPSS Score
- Jan 3, 2025 EPSS Score
- Jan 19, 2025 EPSS Score
- Feb 5, 2025 EPSS Score
- Feb 21, 2025 EPSS Score
- Mar 10, 2025 EPSS Score
- Mar 26, 2025 EPSS Score
- Apr 2, 2025 Coalition ESS Score
- Apr 12, 2025 EPSS Score