Lucene search

[email protected]NVD:CVE-2024-37182

HistoryJun 14, 2024 - 9:15 a.m.

CVE-2024-37182

2024-06-1409:15:10

CWE-693

[email protected]

web.nvd.nist.gov

cve-2024-37182

mattermost desktop app

remote code execution

uri schemes

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim’s system via custom URI schemes.

References

mattermost.com/security-updates

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2024-37182

cvelist1 vulnrichment1 osv1 github1 cve1