CVE-2024-11358

5.7 MEDIUM

📋 TL;DR

Mattermost Android mobile apps up to version 2.21.0 have a misconfigured file provider that allows local attackers to access sensitive files. This affects Android users of Mattermost mobile applications who haven't updated to the patched version. The vulnerability requires physical access to the device or malware with local execution capabilities.

💻 Affected Systems

Products:
  • Mattermost Android Mobile App
Versions: <= 2.21.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android versions of Mattermost mobile apps. iOS versions are not affected. Requires local access to the device.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with physical access could extract sensitive Mattermost data, configuration files, or potentially other app data stored in accessible directories, leading to data breach or credential theft.

🟠 Likely Case

Malicious apps installed on the same device could access Mattermost files, potentially extracting chat history, authentication tokens, or configuration data.

🟢 If Mitigated

With proper mobile device management and app sandboxing, the impact is limited to the Mattermost app's own data storage, preventing cross-app data access.

🌐 Internet-Facing: LOW - This is a local file access vulnerability requiring physical or local app access, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - In enterprise environments, compromised employee devices could allow attackers to access Mattermost corporate communications and data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the Android device, either physically or through a malicious app with appropriate permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.22.0 and later

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Open the Google Play Store on the Android device.
2. Search for Mattermost.
3. Update to version 2.22.0 or later.
4. Restart the Mattermost app after the update.

🔧 Temporary Workarounds

Restrict App Installation (Platform: Android)

Prevent installation of untrusted apps that could exploit the vulnerability.

Enable Android Verified Boot (Platform: Android)

Ensure device integrity and prevent unauthorized modifications.

🧯 If You Can't Patch

  • Implement mobile device management (MDM) to control app installations and permissions
  • Educate users about risks of installing untrusted apps and physical device security

🔍 How to Verify

Check if Vulnerable:

Check the Mattermost app version in Android Settings > Apps > Mattermost > App info. If the version is 2.21.0 or lower, the device is vulnerable.

Check Version:

Not applicable - check via Android Settings UI

Verify Fix Applied:

After updating, verify the app version shows 2.22.0 or higher in Android Settings > Apps > Mattermost > App info.
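The same version check scripted for a device connected over adb, as an added example that is not part of this advisory or of Mattermost's own tooling. The package name com.mattermost.rn is an assumption (override it with MATTERMOST_PKG); the numeric field-by-field comparison avoids the plain string-comparison trap where "2.9.0" sorts above "2.21.0".

```shell
#!/bin/sh
# Added example, not from the advisory or the Mattermost project.
# Checks an installed Mattermost Android versionName against the fixed release.

FIXED_VERSION="2.22.0"   # first patched release per the advisory

# version_lt A B : exit 0 if dotted-numeric version A is strictly lower than B.
# Fields are compared as integers; a missing field counts as 0 and a
# non-numeric suffix (e.g. "0-beta") is ignored by awk's numeric conversion.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, "."); nb = split(b, B, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i in A) ? A[i] + 0 : 0
      y = (i in B) ? B[i] + 0 : 0
      if (x < y) exit 0
      if (x > y) exit 1
    }
    exit 1   # equal versions are not "lower"
  }'
}

# is_vulnerable V : true when V is below the fixed version (2.21.0 and earlier).
is_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# installed_version : read versionName from the device via adb.
# Package name is an assumption; set MATTERMOST_PKG to override.
installed_version() {
  pkg="${MATTERMOST_PKG:-com.mattermost.rn}"
  adb shell dumpsys package "$pkg" 2>/dev/null \
    | tr -d '\r' \
    | sed -n 's/^[[:space:]]*versionName=//p' \
    | head -n 1
}

# check_device : report PATCHED (0), VULNERABLE (1) or not found / no adb (2).
check_device() {
  v=$(installed_version)
  if [ -z "$v" ]; then
    echo "Mattermost package not found or adb unavailable"; return 2
  fi
  if is_vulnerable "$v"; then
    echo "VULNERABLE: installed $v is below $FIXED_VERSION"; return 1
  fi
  echo "PATCHED: installed $v"; return 0
}
```

Run `check_device` with a device attached and USB debugging enabled; the exit code can be fed to an MDM or fleet inventory job.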

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from other apps to Mattermost directories
  • Permission violations in Android system logs

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for local file access vulnerability
