Unrated severityNVD Advisory· Published Aug 22, 2024· Updated Aug 22, 2024
User creation date manipulation in POST /api/v4/users
CVE-2024-42411
Description
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
29.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2+ 1 more
- (no CPE)range: 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2
- (no CPE)range: 9.9.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.