Опубликовано: 16 сент. 2024
Источник: github
Github: Прошло ревью
CVSS4: 5.1
CVSS3: 5.3
Описание
Mattermost Desktop App Uncontrolled Search Path Vulnerability
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
Пакеты
Наименование
mattermost-desktop
npm
Затронутые версииВерсия исправления
< 5.9.0
5.9.0
Связанные уязвимости
CVSS3: 5.3
nvd
больше 1 года назад
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
CVSS3: 5.3
debian
больше 1 года назад
Mattermost Desktop App versions <=5.8.0 fail tospecify an absolute pat ...