CVE-2024-37182

4.7 MEDIUM

📋 TL;DR

Mattermost Desktop App versions up to 5.7.0 fail to properly prompt users for permission when opening external URLs, allowing attackers to force victims to execute arbitrary programs via custom URI schemes. This affects all users of vulnerable Mattermost Desktop App versions who click on malicious links.

💻 Affected Systems

Products:
  • Mattermost Desktop App
Versions: <= 5.7.0
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. Requires user interaction (clicking a link).


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Attackers trick users into clicking malicious links that execute unwanted programs, potentially leading to malware installation or credential theft.

🟢 If Mitigated: Users are prompted for permission before external URLs open, preventing unauthorized program execution.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely via malicious links sent through Mattermost or other channels.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this via internal communications, but exploitation still requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering to trick users into clicking malicious links. No authentication needed for the vulnerability itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7.1 and later

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Open the Mattermost Desktop App.
2. Go to Help > Check for Updates.
3. Install version 5.7.1 or later.
4. Restart the application.

🔧 Temporary Workarounds

Disable automatic URL handling (Platforms: all): Configure the system so that custom URI schemes launched from Mattermost are not handled automatically.

Use web browser version (Platforms: all): Temporarily use Mattermost via the web browser instead of the desktop app.

🧯 If You Can't Patch

  • Implement strict URL filtering in network security controls
  • Educate users about phishing risks and not clicking untrusted links

🔍 How to Verify

Check if Vulnerable:

Check Mattermost Desktop App version in Help > About. If version is 5.7.0 or earlier, you are vulnerable.

Check Version:

Not applicable - check via GUI in Help > About menu

Verify Fix Applied:

Verify version is 5.7.1 or later in Help > About. Test by clicking a custom URI scheme link - you should see a permission prompt.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process executions from URI handlers
  • Multiple failed permission prompts for external URLs

Network Indicators:

  • Unusual outbound connections after clicking Mattermost links
  • Traffic to suspicious domains from custom URI scheme launches

SIEM Query:

Process creation where parent process contains 'mattermost' AND command line contains URI scheme patterns
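As an added illustration of the SIEM logic above (example code, not part of this advisory), the following Python flags process-creation events whose parent executable is the Mattermost desktop binary and whose command line carries a URI scheme other than the web/mail schemes the app is expected to hand off. The event records, the Sysmon-style field names (ParentImage, Image, CommandLine) and the scheme names are constructed for this demonstration.

```python
import re
from typing import Dict, List

# Constructed process-creation events shaped like Sysmon Event ID 1 fields;
# sample records written for this example, not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ParentImage": r"C:\Users\alice\AppData\Local\Programs\Mattermost\Mattermost.exe",
     "Image": r"C:\Program Files\ExampleHandler\handler.exe",
     "CommandLine": r'"C:\Program Files\ExampleHandler\handler.exe" "examplehandler://run?id=42"'},
    {"ParentImage": r"C:\Users\alice\AppData\Local\Programs\Mattermost\Mattermost.exe",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"chrome.exe" https://mattermost.example.com/team/pl/abc123'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\ExampleHandler\handler.exe",
     "CommandLine": r'"handler.exe" "examplehandler://run?id=7"'},
    {"ParentImage": "/opt/Mattermost/mattermost-desktop",
     "Image": "/usr/bin/xdg-open",
     "CommandLine": "xdg-open customapp://open?target=report"},
]

# A scheme of 2+ characters (so drive letters like C: are skipped) followed by
# '/' or a letter (so host:8080 style tokens are skipped). Heuristic; tune per site.
URI_SCHEME_RE = re.compile(r"(?<![A-Za-z0-9])([A-Za-z][A-Za-z0-9+.\-]+):(?=/|[A-Za-z])")
# Schemes the desktop app is expected to hand to the browser or mail client.
BENIGN_SCHEMES = {"http", "https", "mailto"}


def is_mattermost_parent(parent_image: str) -> bool:
    """True when the parent executable's basename contains 'mattermost'."""
    basename = re.split(r"[\\/]", parent_image)[-1]
    return "mattermost" in basename.lower()


def custom_schemes(command_line: str) -> List[str]:
    """Return the non-allowlisted URI schemes found in a command line."""
    found = [m.group(1).lower() for m in URI_SCHEME_RE.finditer(command_line)]
    return [s for s in found if s not in BENIGN_SCHEMES]


def flag_uri_launches(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag children of Mattermost whose command line carries a custom URI scheme."""
    hits: List[Dict[str, object]] = []
    for ev in events:
        if not is_mattermost_parent(ev.get("ParentImage", "")):
            continue
        schemes = custom_schemes(ev.get("CommandLine", ""))
        if schemes:
            hits.append({"image": ev.get("Image", ""), "schemes": schemes,
                         "command_line": ev.get("CommandLine", "")})
    return hits
```

Running `flag_uri_launches(SAMPLE_EVENTS)` returns two hits (the `examplehandler://` launch on Windows and the `customapp://` launch via xdg-open on Linux); the browser hand-off and the launch parented by explorer.exe are not flagged.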
