Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
{ "nvd_published_at": "2024-09-16T07:15:02Z", "cwe_ids": [ "CWE-427" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-09-16T20:14:50Z" }