CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45835 – Insufficient Electron Fuses Configuration
https://notcve.org/view.php?id=CVE-2024-45835
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. • https://mattermost.com/security-updates • CWE-693: Protection Mechanism Failure •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39772 – Silent Desktop Screenshot Capture
https://notcve.org/view.php?id=CVE-2024-39772
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. • https://mattermost.com/security-updates • CWE-284: Improper Access Control •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45833 – Mobile password gets saved in dictionary under conditions
https://notcve.org/view.php?id=CVE-2024-45833
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character.. • https://mattermost.com/security-updates • CWE-693: Protection Mechanism Failure •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39613 – RCE in desktop app in Windows by local attacker
https://notcve.org/view.php?id=CVE-2024-39613
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. • https://mattermost.com/security-updates • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43105 – Excessive Resource Consumption via `/export`
https://notcve.org/view.php?id=CVE-2024-43105
Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resource by running the /export command multiple times at once. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •