CVE-2024-45833 – Mobile password gets saved in dictionary under conditions
https://notcve.org/view.php?id=CVE-2024-45833
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while the password is being typed with the visible-password option selected, which allows the password to be saved in the keyboard dictionary when the user has SwiftKey as the default keyboard, masking is off, and the password contains a special character. • https://mattermost.com/security-updates • CWE-693: Protection Mechanism Failure
CVE-2024-39613 – RCE in desktop app in Windows by local attacker
https://notcve.org/view.php?id=CVE-2024-39613
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to place a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. • https://mattermost.com/security-updates • CWE-427: Uncontrolled Search Path Element
CVE-2024-43105 – Excessive Resource Consumption via `/export`
https://notcve.org/view.php?id=CVE-2024-43105
Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command, which allows a user to consume excessive resources by running the /export command multiple times at once. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption
CVE-2024-43780 – Unauthorized channel file upload
https://notcve.org/view.php?id=CVE-2024-43780
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions, which allows a guest user with read access to upload files to a channel. • https://mattermost.com/security-updates • CWE-284: Improper Access Control
CVE-2024-42497 – Insufficient permissions checks on teams
https://notcve.org/view.php?id=CVE-2024-42497
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions, which allows a user with the system manager role and read-only access to teams to perform write operations on teams. • https://mattermost.com/security-updates • CWE-284: Improper Access Control