CVE-2024-36287

CWE-6935 documents4 sources
Severity
3.3LOW
EPSS
0.0%
top 92.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost MattermostMattermost Mattermost Desktop
Timeline
PublishedJun 14

Description

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.0 | Impact: 1.4

Affected Packages3 packages

npmmattermost-desktop< 5.8.0
CVEListV5mattermost/mattermost5.7.0

🔴Vulnerability Details

4
OSV
Mattermost Desktop App allows for bypassing TCC restrictions on macOS2024-06-14
GHSA
Mattermost Desktop App allows for bypassing TCC restrictions on macOS2024-06-14
OSV
CVE-2024-36287: Mattermost Desktop App versions <=52024-06-14
CVEList
Bypass of TCC restrictions on macOS2024-06-14
CVE-2024-36287 (LOW CVSS 3.3) | Mattermost Desktop App versions <=5 | cvebase.io