Mattermost: >> Mattermost Desktop >> 5.10.1 Security Vulnerabilities
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-16
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-10-13
Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-03-17