CVE-2024-45835

LOW

Mattermost Desktop App <=5.8.0 - Info Disclosure

Title source: llm

Description

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

References (1)

[Vendor Advisory] https://mattermost.com/security-updates

Scores

CVSS v3 2.5

EPSS 0.0036

EPSS Percentile 58.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-693

Status published

Affected Products (2)

mattermost/mattermost_desktop < 5.9.0

npm/mattermost-desktop < 5.9.0npm

Timeline

Published Sep 16, 2024

Tracked Since Feb 18, 2026