CVE-2024-39772

CWE-284 — Improper Access Control4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 42.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Mattermost Desktop Mattermost Mattermost

Timeline

PublishedSep 16

Description

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

▶npmmattermost-desktop< 5.9.0

▶NVDmattermost/mattermost_desktop< 5.9.0

▶CVEListV5mattermost/mattermost5.8.0

🔴Vulnerability Details

GHSA

Mattermost Desktop App fails to safeguard screen capture functionality↗2024-09-16

▶

OSV

Mattermost Desktop App fails to safeguard screen capture functionality↗2024-09-16

▶

CVEList

Silent Desktop Screenshot Capture↗2024-09-16

▶