CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
9.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Mattermost Desktop App versions <=5.8.0 fail toΒ specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a userβs machine to cause remote code execution on that machine.
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
9.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial