PT-2024-28668 · Mattermost · Mattermost Desktop App
C0Rydoras +1 · Published 2024-09-16 · Updated 2024-11-01 · CVE-2024-39772
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Mattermost Desktop App versions <=5.8.0
Description
The issue concerns a flaw in the screen capture functionality of the Mattermost Desktop App, allowing an attacker to silently capture high-quality screenshots via JavaScript APIs.
Recommendations
For Mattermost Desktop App versions <=5.8.0, update to a version higher than 5.8.0 to resolve the issue. As a temporary workaround, consider disabling the screen capture functionality until a patch is available. Restrict access to sensitive information on devices running the affected versions to minimize the risk of exploitation.
Fix
Improper Access Control
Affected Products
Mattermost Desktop App