Vulnerability in Electron Configuration of Mattermost Desktop App
CVE-2024-45835

6.5MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost Server
Vendor: CVE Published:; 16 September 2024

Summary

The Mattermost Desktop App versions 5.8.0 and earlier exhibit a security vulnerability linked to insufficient configuration of Electron Fuses. This misconfiguration may allow an attacker to exploit the application to access sensitive data, including Chromium cookies. Additionally, it can facilitate other possible abuses via both remote and local access. Users of the affected version should take immediate action to mitigate risks associated with this vulnerability.

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2024