CVE-2024-11599

{"id": "CVE-2024-11599", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-11-28T10:15:06.657", "references": [{"url": "https://mattermost.com/security-updates", "source": "responsibledisclosure@mattermost.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration."}, {"lang": "es", "value": "Las versiones de Mattermost 10.0.x &lt;= 10.0.1, 10.1.x &lt;= 10.1.1, 9.11.x &lt;= 9.11.3, 9.5.x &lt;= 9.5.11 no logran validar correctamente las direcciones de correo electr\u00f3nico, lo que permite que un usuario no autenticado eluda las restricciones de dominio de correo electr\u00f3nico mediante una entrada cuidadosamente manipulada en el registro de correo electr\u00f3nico."}], "lastModified": "2024-11-28T10:15:06.657", "sourceIdentifier": "responsibledisclosure@mattermost.com"}