CVE-2024-37182

MEDIUM4.7EPSS 0.33%

Mattermost Desktop App Remote Code Execution

發布日:2024/6/14修改日:2024/6/17

描述

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.

受影響套件(1)

npm/mattermost-desktopfrom 0, < 5.8.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-37182
PATCHhttps://github.com/mattermost/desktop
WEBhttps://github.com/mattermost/desktop/commit/1c9fc719dc2b74495a05f7ebc90e92e7daa03e6d
WEBhttps://mattermost.com/security-updates