Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RCE in desktop app in Windows by local attacker
Vulnerability Description
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
Mattermost Desktop App 安全漏洞
Vulnerability Description
Mattermost Desktop App是美国Mattermost公司的一款消息传递桌面版应用程序。 Mattermost Desktop App 5.8.0版本及之前版本存在安全漏洞,该漏洞源于在搜索 cmd.exe 文件时未能指定绝对路径。攻击者利用该漏洞可以远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A