Products
Mattermost Desktop App
- <=5.8.0
Source
responsibledisclosure@mattermost.com
Tags
CVE-2024-39613 details
Published : Sept. 16, 2024, 7:15 a.m.
Last Modified : Sept. 16, 2024, 3:30 p.m.
Last Modified : Sept. 16, 2024, 3:30 p.m.
Description
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
CVSS Score
| 1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-427 | Uncontrolled Search Path Element | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
5.3
Exploitability Score
1.8
Impact Score
3.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://mattermost.com/security-updates | responsibledisclosure@mattermost.com |
This website uses the NVD API, but is not approved or certified by it.