First published: Mon Oct 28 2024(Updated: )
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/mattermost/mattermost/server/v8 | <8.0.0-20240821220019-0d6b1070a26f | 8.0.0-20240821220019-0d6b1070a26f |
Mattermost | >=9.5.0<=9.5.9 | |
Mattermost | >=9.11.0<=9.11.1 |
Update Mattermost to versions 10.0.0, 9.11.2, 9.5.10 or higher.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-10214 is considered a medium severity vulnerability due to the incorrect session handling.
To fix CVE-2024-10214, upgrade Mattermost to a version later than 9.11.1 or 9.5.9.
Mattermost versions 9.11.X up to and including 9.11.1 and 9.5.x up to and including 9.5.9 are affected by CVE-2024-10214.
CVE-2024-10214 can lead to issues with session management, potentially causing security risks and user confusion.
Yes, CVE-2024-10214 specifically involves incorrect session issuance when using desktop single sign-on (SSO) with Mattermost.