PT-2024-16931 · Mattermost · Mattermost Android Mobile Apps
Bugsniper
·
Published
2024-12-16
·
Updated
2024-12-18
·
CVE-2024-11358
CVSS v3.1
5.7
Medium
| Vector | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost Android Mobile Apps versions <=2.21.0
Description
The issue arises from a misconfiguration of file providers in the Mattermost Android Mobile Apps, allowing an attacker with local access to access files via the file provider. This affects versions 2.21.0 and below.
Recommendations
For versions <=2.21.0, update to a patched version to resolve the issue. As a temporary workaround, consider restricting access to the file provider to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost Android Mobile Apps