CVE-2024-11358 | THREATINT

Description

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.

PUBLISHED Reserved 2024-11-18 | Published 2024-12-16 | Updated 2024-12-16 | Assigner Mattermost

MEDIUM: 5.7CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-284: Improper Access Control

Product status

Default status

unaffected

Any version

affected

2.22.0

unaffected

Credits

BugSniper (bugsniper1081) finder

References

mattermost.com/security-updates

cve.org (CVE-2024-11358)

nvd.nist.gov (CVE-2024-11358)