← voltar
CVE-2024-32945

LaTeX post content manipulation via renderer state leak across contexts

CVSS 2.6 LOWEPSS 0.2%CWE-909
Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Produtos afetados
Mattermost · Mattermost

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://mattermost.com/security-updates