CVE-2024-39772

2024-09-1615:15:16

CWE-284

Mattermost

web.nvd.nist.gov

mattermost desktop app

cve-2024-39772

screenshot capture

javascript apis

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.

Affected configurations

Nvd

Node

mattermostmattermost_serverRange<5.9.0

VendorProductVersionCPE
mattermostmattermost_server*cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mattermost	mattermost_server	*	cpe:2.3:a:mattermost:mattermost_server::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "5.8.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "5.9.0"
      }
    ]
  }
]