CVE-2024-48872 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-48872 PUBLISHED CVSS 4.800000190734863 MEDIUM

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests

EPSS 0.06% · 19.4th percentile

Risk Scores

CVSS v3.1

4.800000190734863

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS Score

0.06%

19.4th percentile

Affected Products

Vendor	Product	Versions
github.com	mattermost/mattermost/server/v8	10.1.0, 10.0.0, 9.11.0
mattermost	mattermost_server	9.5.0, 9.11.0, 10.0.0
Mattermost	Mattermost	9.11.5, 10.1.0, 9.5.13

Timeline

Dec 16, 2024 CVE Published
Dec 16, 2024 PoC Published
Dec 16, 2024 PoC Published
Dec 17, 2024 EPSS Score
Jan 2, 2025 EPSS Score
Jan 18, 2025 EPSS Score
Feb 3, 2025 EPSS Score
Feb 19, 2025 EPSS Score
Mar 7, 2025 EPSS Score
Mar 23, 2025 EPSS Score
Apr 2, 2025 Coalition ESS Score
Apr 8, 2025 EPSS Score

References

https://mattermost.com/security-updates url
https://nvd.nist.gov/vuln/detail/CVE-2024-48872 advisory
https://github.com/mattermost/mattermost package

Open in Interactive Console →