---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'RCE in Mattermost Desktop'
version: '1.0'
number: '2021-055'
date: 'October 11, 2021'
---

_History:_

* _11/10/2021 --- v1.0 -- Initial publication_

# Summary

On 11 October 2021, a security researcher announced on Twitter the upcoming release of information about a remote code execution vulnerability affecting Mattermost Desktop versions earlier than 4.6.2 [1]. This is confirmed by the existing reference MMSA-2021-0057, which Mattermost addressed on 23 June 2021 [2].

Since the release of these details may result in active exploitation of the vulnerability, CERT-EU recommends updating to the latest versions as soon as possible.

# Technical Details

There are no technical details at the moment. Mattermost addressed this vulnerability by upgrading Electron, which may indicate that the problem resided at the Electron builder level.

# Products Affected

Mattermost Desktop App versions earlier than 4.7 [2].

# Recommendations

Upgrade the Mattermost Desktop App to the latest versions (at least 4.7).

## Workarounds and Mitigations

There is no known workaround.

# References

[1]

[2]