Mattermost Desktop Security Vulnerabilities - 2023
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
5.4CVSS
5.5AI Score
0.0005EPSS
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.
5.5CVSS
5.5AI Score
0.0004EPSS
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
5.3CVSS
5.2AI Score
0.0005EPSS
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
5.3CVSS
5.2AI Score
0.0004EPSS
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
3.3CVSS
4.1AI Score
0.0004EPSS