Security Advisory 2021-055

Release Date:

RCE in Mattermost Desktop

History:

  • 11/10/2021 --- v1.0 -- Initial publication

Summary

On 11th of October 2021, a security researcher announced on Twitter the upcoming release of information about a remote code execution vulnerability affecting Mattermost Desktop versions earlier than 4.6.2 [1]. This is confirmed by the existing reference MMSA-2021-0057, which Mattermost addressed on 23rd of June 2021 [2].

Since the release of these details may result in active exploitation of the vulnerability, CERT-EU recommends updating to the latest version as soon as possible.

Technical Details

There are no technical details at the moment. Mattermost addressed this vulnerability by upgrading Electron, which may indicate that the problem resided at the Electron builder level.

Products Affected

Mattermost Desktop App versions earlier than 4.7 [2].

Recommendations

Upgrade the Mattermost Desktop App to the latest version (at least 4.7).

Workarounds and Mitigations

There is no known workaround.

References

[1] https://twitter.com/aaditya_purani/status/1447351686150778881

[2] https://mattermost.com/security-updates/
