The version of Mattermost Server installed on the remote host is prior to 9.5.8, 9.8.3, 9.9.2, or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00365 advisory. Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older. (CVE-2024-42411) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More