History: Sep 16, 2024 - 6:41 a.m.

CVE-2024-45833 Mobile password gets saved in dictionary under conditions

2024-09-16 06:41:47
CWE-693
Mattermost
www.cve.org
cve-2024-45833
mobile password
dictionary
autocomplete
swiftkey
special character

CVSS3: 4.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 18.8%

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character…

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "2.18.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "2.19.0"
      }
    ]
  }
]
