{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-45833","assignerOrgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","state":"PUBLISHED","assignerShortName":"Mattermost","dateReserved":"2024-09-10T08:20:38.452Z","datePublished":"2024-09-16T06:41:47.347Z","dateUpdated":"2024-09-16T13:04:55.732Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Mattermost","vendor":"Mattermost","versions":[{"lessThanOrEqual":"2.18.0","status":"affected","version":"0","versionType":"semver"},{"status":"unaffected","version":"2.19.0"}]}],"credits":[{"lang":"en","type":"finder","value":"@lolcabanon"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Mattermost Mobile Apps versions &lt;=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the&nbsp;password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character..</p>"}],"value":"Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character.."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-693","description":"CWE-693: Protection Mechanism Failure","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","shortName":"Mattermost","dateUpdated":"2024-09-16T06:41:47.347Z"},"references":[{"url":"https://mattermost.com/security-updates"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Update Mattermost Mobile Apps to versions 2.19.0 or higher.</p>"}],"value":"Update Mattermost Mobile Apps to versions 2.19.0 or higher."}],"source":{"advisory":"MMSA-2024-00314","defect":["https://mattermost.atlassian.net/browse/MM-56932"],"discovery":"EXTERNAL"},"title":"Mobile password gets saved in dictionary under conditions","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-16T13:04:05.356788Z","id":"CVE-2024-45833","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-16T13:04:55.732Z"}}]}}