CVE-2023-5339

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*

History

24 Oct 2023, 18:26

Type	Values Removed	Values Added
References	~~(MISC) https://mattermost.com/security-updates -~~	(MISC) https://mattermost.com/security-updates - Vendor Advisory
First Time		Mattermost mattermost Desktop Mattermost
CWE		CWE-532
CPE		cpe:2.3:a:mattermost:mattermost_desktop::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

17 Oct 2023, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-17 10:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-5339

Mitre link : CVE-2023-5339

CVE.ORG link : CVE-2023-5339

JSON object : View

Products Affected

mattermost

mattermost_desktop

CWE

CWE-532

Insertion of Sensitive Information into Log File

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2023-5339", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2023-10-17T10:15:10.343", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["Vendor Advisory"], "source": "responsibledisclosure@mattermost.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Mattermost Desktop\u00a0fails to set an appropriate log level during initial run after fresh installation\u00a0resulting in logging all keystrokes\u00a0including password entry\u00a0being logged.\u00a0\n\n"}, {"lang": "es", "value": "Mattermost Desktop no puede establecer un nivel de registro apropiado durante la ejecuci\u00f3n inicial despu\u00e9s de una nueva instalaci\u00f3n, lo que provoca que se registren todas las pulsaciones de teclas, incluida la entrada de contrase\u00f1a."}], "lastModified": "2023-10-24T18:26:48.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2017F67-0DD3-4A9A-89F3-7C48FF9D4868", "versionEndIncluding": "5.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "responsibledisclosure@mattermost.com"}