Lucene search
HistorySep 16, 2024 - 7:15 a.m.
CVE-2024-39613
mattermost
desktop app
path specification
vulnerability
remote code execution
CVSS3
5.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0
Percentile
9.6%
Mattermost Desktop App versions <=5.8.0 fail toΒ specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a userβs machine to cause remote code execution on that machine.
References
Related
github
github
Mattermost Desktop App Uncontrolled Search Path Vulnerability
2024-09-16 14:37:28
cve
cve
CVE-2024-39613
2024-09-16 07:15:02
osv
osv
Mattermost Desktop App Uncontrolled Search Path Vulnerability
2024-09-16 14:37:28
cvelist
cvelist
CVE-2024-39613 RCE in desktop app in Windows by local attacker
2024-09-16 06:40:58
vulnrichment
vulnrichment
CVE-2024-39613 RCE in desktop app in Windows by local attacker
2024-09-16 06:40:58
CVSS3
5.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0
Percentile
9.6%
Related for NVD:CVE-2024-39613