Lucene search

Mattermost Desktop Security Vulnerabilities - 2020

cve

CVE-2016-11064

An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.

9.8CVSS

9.6AI Score

0.002EPSS

2020-06-19 08:15 PM

cve

CVE-2018-21265

An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).

5.3CVSS

5.3AI Score

0.001EPSS

2020-06-19 05:15 PM

cve

CVE-2019-20856

An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.

9.8CVSS

9.6AI Score

0.002EPSS

2020-06-19 03:15 PM

cve

CVE-2019-20861

An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.

8.8CVSS

8.8AI Score

0.003EPSS

2020-06-19 03:15 PM

cve

CVE-2020-14454

An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.

6.1CVSS

6.2AI Score

0.001EPSS

2020-06-19 02:15 PM

cve

CVE-2020-14455

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.

6.5CVSS

6.5AI Score

0.002EPSS

2020-06-19 02:15 PM

cve

CVE-2020-14456

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.

7.3CVSS

7.2AI Score

0.001EPSS

2020-06-19 02:15 PM