CVE-2024-45835

Summary

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 5.8.0affected
MattermostMattermost5.9.0unaffected

Weaknesses

  • CWE-693: CWE-693: Protection Mechanism Failure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References