CVE-2024-45835

CWE-6934 documents4 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 41.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost Mattermost DesktopMattermost Mattermost
Timeline
PublishedSep 16

Description

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages3 packages

npmmattermost-desktop< 5.9.0
CVEListV5mattermost/mattermost5.8.0

🔴Vulnerability Details

3
OSV
Mattermost Desktop App fails to sufficiently configure Electron Fuses2024-09-16
GHSA
Mattermost Desktop App fails to sufficiently configure Electron Fuses2024-09-16
CVEList
Insufficient Electron Fuses Configuration2024-09-16
CVE-2024-45835 (MEDIUM CVSS 6.5) | Mattermost Desktop App versions <=5 | cvebase.io