Mattermost: >> Mattermost Desktop Security Vulnerabilities
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-16
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-10-13
Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-03-17
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
CVSS Score
3.7
EPSS Score
0.003
Published
2024-09-16
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
CVSS Score
2.5
EPSS Score
0.004
Published
2024-09-16
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
CVSS Score
5.3
EPSS Score
0.007
Published
2024-09-16
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.
CVSS Score
4.7
EPSS Score
0.003
Published
2024-06-14
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
CVSS Score
3.8
EPSS Score
0.0
Published
2024-06-14
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
CVSS Score
3.7
EPSS Score
0.002
Published
2023-11-02
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-11-02
Page 1