Mattermost: >> Mattermost Desktop >> 5.7.0 Security Vulnerabilities
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
CVSS Score
3.7
EPSS Score
0.001
Published
2024-09-16
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
CVSS Score
2.5
EPSS Score
0.001
Published
2024-09-16
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-09-16
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.
CVSS Score
4.7
EPSS Score
0.008
Published
2024-06-14
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
CVSS Score
3.8
EPSS Score
0.0
Published
2024-06-14