{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-055.pdf"
    },
    "title": "RCE in Mattermost Desktop",
    "serial_number": "2021-055",
    "publish_date": "11-10-2021 16:53:00",
    "description": "On 11 October 2021, a security researcher announced on Twitter the upcoming release of information about a remote code execution vulnerability affecting Mattermost Desktop versions earlier than 4.6.2. This is confirmed by the existing reference MMSA-2021-0057, which Mattermost addressed on 23 June 2021.<br>Since the release of these details may result in active exploitation of the vulnerability, CERT-EU recommends updating to the latest version as soon as possible.",
    "url_title": "2021-055",
    "content_markdown": "---\ntitle: 'RCE in Mattermost Desktop'\nversion: '1.0'\nnumber: '2021-055'\ndate: 'October 11, 2021'\n---\n\n_History:_\n\n* _11/10/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 11 October 2021, a security researcher announced on Twitter the upcoming release of information about a remote code execution vulnerability affecting Mattermost Desktop versions earlier than 4.6.2 [1]. This is confirmed by the existing reference MMSA-2021-0057, which Mattermost addressed on 23 June 2021 [2].\n\nSince the release of these details may result in active exploitation of the vulnerability, CERT-EU recommends updating to the latest version as soon as possible.\n\n# Technical Details\n\nNo technical details are available at the moment. Mattermost addressed this vulnerability by upgrading Electron, which may indicate that the problem resided at the Electron builder level.\n\n# Products Affected\n\nMattermost Desktop App versions earlier than 4.7 [2].\n\n# Recommendations\n\nUpgrade the Mattermost Desktop App to the latest version (at least 4.7).\n\n## Workarounds and Mitigations\n\nThere is no known workaround.\n\n# References\n\n[1] <https://twitter.com/aaditya_purani/status/1447351686150778881>\n\n[2] <https://mattermost.com/security-updates/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>11/10/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 11 October 2021, a security researcher announced on Twitter the upcoming release of information about a remote code execution vulnerability affecting Mattermost Desktop versions earlier than 4.6.2 [1]. This is confirmed by the existing reference MMSA-2021-0057, which Mattermost addressed on 23 June 2021 [2].</p><p>Since the release of these details may result in active exploitation of the vulnerability, CERT-EU recommends updating to the latest version as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>No technical details are available at the moment. Mattermost addressed this vulnerability by upgrading Electron, which may indicate that the problem resided at the Electron builder level.</p><h2 id=\"products-affected\">Products Affected</h2><p>Mattermost Desktop App versions earlier than 4.7 [2].</p><h2 id=\"recommendations\">Recommendations</h2><p>Upgrade the Mattermost Desktop App to the latest version (at least 4.7).</p><h3 id=\"workarounds-and-mitigations\">Workarounds and Mitigations</h3><p>There is no known workaround.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://twitter.com/aaditya_purani/status/1447351686150778881\">https://twitter.com/aaditya_purani/status/1447351686150778881</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://mattermost.com/security-updates/\">https://mattermost.com/security-updates/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}