CVE-2024-42411

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-754
View all →

Vulnerability Description

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older.

Related Vulnerabilities

CVE-2017-18657

MEDIUM
CVSS:5.3(Medium)

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017).

CWE-7542017

CVE-2017-18914

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.

CWE-7542017

CVE-2019-14607

MEDIUM
CVSS:5.3(Medium)

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local...

CWE-7542019

CVE-2020-1999

MEDIUM
CVSS:5.3(Medium)

A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for thre...

CWE-7542020

CVE-2020-7549

MEDIUM
CVSS:5.3(Medium)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication M...

CWE-7542020

CVE-2021-31361

MEDIUM
CVSS:5.3(Medium)

An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unau...

CWE-7542021