Mattermost: >> Mattermost Desktop >> 5.9.2 Security Vulnerabilities
Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.
CVSS Score
3.9
EPSS Score
0.0
Published
2025-12-17
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-12-17
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-10-16
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-10-13
Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-03-17