PT-2024-24992 · Mattermost · Mattermost Mobile Apps

Juho Forsén

Published

2024-07-15

Updated

2024-07-16

CVE-2024-32945

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Mattermost Mobile Apps versions <=2.16.0

Description The issue arises from the failure to protect against abuse of a globally shared MathJax state, allowing an attacker to alter the contents of a LaTeX post. This can be achieved by creating another post with specific macro definitions.

Recommendations For Mattermost Mobile Apps versions <=2.16.0, update to a version greater than 2.16.0 to resolve the issue. As a temporary workaround, consider restricting the use of LaTeX posts until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-909

Related Identifiers

CVE-2024-32945

Affected Products

Mattermost Mobile Apps

PT-2024-24992 · Mattermost · Mattermost Mobile Apps

CVE-2024-32945

Weakness Enumeration

Related Identifiers

Affected Products

References · 4