History: Sep 16, 2024 - 6:40 a.m.

CVE-2024-39613 RCE in desktop app in Windows by local attacker

2024-09-16 06:40:58
CWE-427
Mattermost
www.cve.org
3
remote code execution
mattermost desktop app
windows
local attacker
absolute path

CVSS3: 5.3

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

EPSS: 0
Percentile: 9.6%

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user’s machine to cause remote code execution on that machine.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "5.8.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "5.9.0"
      }
    ]
  }
]
