CVE-2024-39613

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 16, 2024
Updated: Sep 20, 2024
CWE ID 427

Summary

CVE-2024-39613 affects Mattermost Desktop App versions 5.8.0 and earlier, allowing local attackers to exploit an improper path specification when accessing the cmd.exe file, potentially leading to remote code execution. This vulnerability poses a high risk, as it can result in significant integrity and confidentiality impacts if an attacker places a malicious cmd.exe file in a user's Downloads folder. The attack requires user interaction but has a low complexity level, meaning it could be executed with minimal effort by an attacker with local access. Organizations using the affected versions are advised to update their Mattermost Desktop App to the latest version to mitigate this risk. For more information on security updates, organizations can refer to the vendor advisory at Mattermost Security Updates.
