A medium-severity vulnerability, CVE-2024-39613, was detected in Mattermost Desktop App versions 5.8.0 and earlier. The app fails to specify an absolute path when searching for cmd.exe, which allows a local attacker to place a malicious cmd.exe file in the user's Downloads folder and execute remote code. To fix this issue, users must upgrade to version 5.9.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39613.
Mattermost: Vulnerability Enables Remote Code Execution
by the Hossted team
20.09.2024
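
The general mitigation for the search-path issue described above is to launch cmd.exe by absolute path instead of by bare name. The following Node.js code is an added example, not Mattermost's code: the function names, the sample directories and the use of the `SystemRoot` environment variable are assumptions, and the lookup order shown is a simplified model (working directory first, then `PATH`).

```javascript
const path = require('path');

// Simplified model (assumption): a bare command name is looked up in the
// working directory first, then in each PATH entry, in order.
function bareNameSearchOrder(name, cwd, pathVar) {
  const dirs = [cwd, ...pathVar.split(';').filter(Boolean)];
  return dirs.map((dir) => path.win32.join(dir, name));
}

// Hypothetical guard: true when a command has no directory component and
// would therefore be subject to the search above.
function isBareCommand(command) {
  return path.win32.basename(command) === command;
}

// Hypothetical helper: build the absolute path to the system cmd.exe.
// env is a parameter so the function can be exercised on any platform.
function resolveSystemCmd(env = process.env) {
  // Windows environment variable names are case-insensitive.
  const key = Object.keys(env).find((k) => k.toLowerCase() === 'systemroot');
  const root = key ? env[key] : 'C:\\Windows';
  const candidate = path.win32.join(root, 'System32', 'cmd.exe');
  // Accept only a drive-rooted path; a relative SystemRoot would
  // reintroduce the same search-path problem.
  if (!/^[A-Za-z]:\\/.test(candidate)) {
    throw new Error(`refusing non-absolute cmd.exe path: ${candidate}`);
  }
  return candidate;
}

// Constructed sample values, not taken from the advisory.
const sampleCwd = 'C:\\Users\\alice\\Downloads';
const samplePath = 'C:\\Windows\\System32;C:\\Windows';

// With a bare name, the copy in the working directory is the first candidate.
console.log(bareNameSearchOrder('cmd.exe', sampleCwd, samplePath));
// With an absolute path, no directory search takes place.
console.log(resolveSystemCmd({ SystemRoot: 'C:\\Windows' }));
```

A caller would pass the value returned by `resolveSystemCmd()` to `child_process.spawn` in place of the string `'cmd.exe'`, and could use `isBareCommand` in a lint rule or code review check to flag remaining bare-name launches.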