CVE-2024-36250

Medium

Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to…

Mattermost·CWE-303·Published 2024-11-09

CVSS

4.8

EPSS

0.00

KEV

Exploits

cve.orgen

176 chars

Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds

NVDen

176 chars

Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds

Las versiones 9.11.x <= 9.11.2 y 9.5.x <= 9.5.10 de Mattermost no protegen el código MFA contra ataques de repetición, lo que permite a un atacante reutilizar el código MFA en aproximadamente 30 segundos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	cve.org	3.1	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3.1	Secondary	NVD	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N