CVE-2024-11358

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 85.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Mattermost Mobile Mattermost Mattermost

Timeline

PublishedDec 16

Description

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.5 | Impact: 5.2

Affected Packages2 packages

▶NVDmattermost/mattermost_mobile< 2.22.2

▶CVEListV5mattermost/mattermost2.21.0

🔴Vulnerability Details

CVEList

Insecure Android File Provider Paths↗2024-12-16

▶

GHSA

GHSA-pxf8-qv37-3xxp: Mattermost Android Mobile Apps versions <=2↗2024-12-16

▶