Undergoing Analysis
CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Products
Mattermost Desktop App
- <=5.8.0
Source
responsibledisclosure@mattermost.com
Tags
CVE-2024-45835 details
Published : Sept. 16, 2024, 3:15 p.m.
Last Modified : Sept. 16, 2024, 3:30 p.m.
Last Modified : Sept. 16, 2024, 3:30 p.m.
Description
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
CVSS Score
| 1 | 2.5 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-693 | Protection Mechanism Failure | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
2.5
Exploitability Score
1.0
Impact Score
1.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://mattermost.com/security-updates | responsibledisclosure@mattermost.com |
This website uses the NVD API, but is not approved or certified by it.