CVE-2024-32945

CWE-9093 documents3 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 43.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost Mattermost MobileMattermost Mattermost
Timeline
PublishedJul 15

Description

Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5mattermost/mattermost2.16.0

🔴Vulnerability Details

2
GHSA
GHSA-xq9p-hq98-j4x4: Mattermost Mobile Apps versions <=22024-07-15
CVEList
LaTeX post content manipulation via renderer state leak across contexts2024-07-15
CVE-2024-32945 (MEDIUM CVSS 5.3) | Mattermost Mobile Apps versions <=2 | cvebase.io