CVE-2024-32945

Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*

History

16 Jul 2024, 18:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 2.6
v2 : unknown
v3 : 5.3
First Time Mattermost mattermost Mobile
Mattermost
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
CPE cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*
Summary
  • (es) Las versiones de Mattermost Mobile Apps &lt;= 2.16.0 no protegen contra el abuso de un estado MathJax compartido globalmente que permite a un atacante cambiar el contenido de una publicación de LateX mediante la creación de otra publicación con definiciones de macro específicas.

15 Jul 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-15 09:15

Updated : 2024-07-16 18:03


NVD link : CVE-2024-32945

Mitre link : CVE-2024-32945

CVE.ORG link : CVE-2024-32945


JSON object : View

Products Affected

mattermost

  • mattermost_mobile
CWE
CWE-909

Missing Initialization of Resource