CVE-2024-39613: Uncontrolled Search Path Element in Desktop

Severity: 7.8 HIGH (NVD), 5.3 (CNA)
EPSS: 1.5% (top 19.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 16

Description

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 2 packages

Vulnerability Details (3)

GHSA: Mattermost Desktop App Uncontrolled Search Path Vulnerability (2024-09-16)
CVEList: RCE in desktop app in Windows by local attacker (2024-09-16)
OSV: Mattermost Desktop App Uncontrolled Search Path Vulnerability (2024-09-16)
CVE-2024-39613 — Uncontrolled Search Path Element | cvebase