CVE-2024-45833

CVSS 3.1 Score 4.5 of 10 (medium)

Details

Published Sep 16, 2024
CWE ID 693

Summary

CVE-2024-45833 affects Mattermost Mobile Apps versions 2.18.0 and earlier. The apps fail to disable autocomplete during password entry, which allows sensitive information to be inadvertently saved by the SwiftKey keyboard when password visibility is enabled and the password contains special characters. This vulnerability poses a medium-level risk with high confidentiality impact: it requires user interaction to exploit, but could lead to unauthorized access if an attacker gains access to saved passwords. The attack vector is classified as network-based, with low complexity for exploitation. To remediate this issue, users are advised to update their Mattermost Mobile Apps to versions beyond 2.18.0 and ensure that autocomplete features are disabled during sensitive data entry. Organizations using affected versions should prioritize these updates to mitigate the risk of credential exposure.
