
GHSA-826h-p4c3-477p: Mattermost Race Condition vulnerability (CVE-2024-48872)

Severity: Moderate (GitHub Reviewed). Published to the GitHub Advisory Database: Dec 16, 2024. Last updated: Dec 16, 2024.

Package: gomod github.com/mattermost/mattermost/server/v8 (Go)

Affected versions:

  • >= 10.0.0, < 10.0.3
  • >= 9.11.0, < 9.11.5
  • >= 9.5.0, < 9.5.13
  • >= 10.1.0, < 10.1.3

Patched versions:

  • 10.0.3
  • 9.11.5
  • 9.5.13
  • 10.1.3

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent the failed-login-attempt counter from being checked and updated concurrently. By sending many login requests simultaneously, an attacker can bypass the "Max failed attempts" restriction and make a large number of login attempts before being blocked.
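The bug class behind this advisory, as an added Go model (not Mattermost's code and not taken from the advisory; the type, field and function names are hypothetical): a failed-login counter whose check and update are two separately locked steps, beside the atomic check-and-increment that closes the window. `Burst` replays the worst-case interleaving deterministically so the difference is visible without relying on scheduler luck.

```go
package main

import "sync"

// Added illustration of the race the advisory describes; not Mattermost code.
const maxFailedAttempts = 5

type failedLogins struct {
	mu    sync.Mutex
	count int // failed attempts for one account
}

// Vulnerable pattern: check and update are separate locked steps, so
// concurrent requests can all read "0 failures" before any of them writes.
func (f *failedLogins) isBlocked() bool {
	f.mu.Lock()
	defer f.mu.Unlock()
	return f.count >= maxFailedAttempts
}
func (f *failedLogins) recordFailure() { f.mu.Lock(); f.count++; f.mu.Unlock() }

// Fix: compare and increment under one lock, so at most maxFailedAttempts
// callers ever pass, however requests interleave (success would reset count).
func (f *failedLogins) tryAttempt() bool {
	f.mu.Lock()
	defer f.mu.Unlock()
	if f.count >= maxFailedAttempts {
		return false
	}
	f.count++
	return true
}

// Burst sends n simultaneous failed logins down one path and returns how many
// get past the limit; the racy path runs every check before any recordFailure.
func Burst(n int, racy bool) (passed int) {
	var f failedLogins
	for i := 0; i < n; i++ {
		if racy && !f.isBlocked() {
			passed++
		} else if !racy && f.tryAttempt() {
			passed++
		}
	}
	for i := 0; racy && i < passed; i++ {
		f.recordFailure()
	}
	return passed
}
```

With a limit of 5, `Burst(20, true)` lets all 20 requests through while `Burst(20, false)` stops at 5; in a real service the same reasoning applies to a database-backed counter, where the fix is a single atomic conditional update rather than a read followed by a write.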

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-48872
  • https://mattermost.com/security-updates
