Products
Mattermost Mobile Apps
- <=2.16.0
Source
responsibledisclosure@mattermost.com
Tags
CVE-2024-32945 details
Published : July 15, 2024, 9:15 a.m.
Last Modified : July 15, 2024, 1 p.m.
Last Modified : July 15, 2024, 1 p.m.
Description
Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.
CVSS Score
| 1 | 2.6 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-909 | Missing Initialization of Resource | The product does not initialize a critical resource. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
2.6
Exploitability Score
1.2
Impact Score
1.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
References
| URL | Source |
|---|---|
| https://mattermost.com/security-updates | responsibledisclosure@mattermost.com |
This website uses the NVD API, but is not approved or certified by it.