CVE-2024-42411

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older.

Published: Aug 22, 2024
Updated: Aug 24, 2024
CVE: CVE-2024-42411
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-754

Affected Software
References

Software	From	Fixed in
mattermost / mattermost	9.9.0	9.9.2
mattermost / mattermost	9.8.0	9.8.3
mattermost / mattermost	9.5.0	9.5.8
mattermost / mattermost	9.10.0	9.10.1

https://mattermost.com/security-updates

Vulnerability Database

289,871

CVE-2024-42411