Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates |
Configurations
No configuration.
History
15 Mar 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-15 10:15
Updated : 2024-03-15 12:53
NVD link : CVE-2024-2450
Mitre link : CVE-2024-2450
CVE.ORG link : CVE-2024-2450
JSON object : View
Products Affected
No product.
CWE
CWE-287
Improper Authentication