Mattermost: >> Mattermost Desktop >> 3.4.0 Security Vulnerabilities
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
CVSS Score
3.7
EPSS Score
0.002
Published
2023-11-02
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-11-02
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
CVSS Score
2.9
EPSS Score
0.001
Published
2023-11-02
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-10-17
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-02
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-06-19
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-06-19