CVE-2024-39836

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-693
View all →

Vulnerability Description

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.

Related Vulnerabilities

CVE-2016-0772

MEDIUM
CVSS:6.5(Medium)

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypas...

CWE-6932016

CVE-2019-1975

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulne...

CWE-6932019

CVE-2021-31362

MEDIUM
CVSS:6.5(Medium)

A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS a...

CWE-6932021

CVE-2022-22152

MEDIUM
CVSS:6.5(Medium)

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another te...

CWE-6932022

CVE-2022-3044

MEDIUM
CVSS:6.5(Medium)

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa...

CWE-6932022

CVE-2022-3056

MEDIUM
CVSS:6.5(Medium)

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CWE-6932022