Vulnerabilities (CVE)

Filtered by vendor Mattermost Subscribe
Filtered by product Mattermost Desktop
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5876 1 Mattermost 1 Mattermost Desktop 2023-12-10 N/A 5.3 MEDIUM
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
CVE-2023-5875 1 Mattermost 1 Mattermost Desktop 2023-12-10 N/A 5.3 MEDIUM
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
CVE-2023-5339 1 Mattermost 1 Mattermost Desktop 2023-12-10 N/A 5.5 MEDIUM
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 
CVE-2023-5920 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2023-12-10 N/A 3.3 LOW
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
CVE-2023-2000 1 Mattermost 1 Mattermost Desktop 2023-12-10 N/A 5.4 MEDIUM
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
CVE-2020-14454 1 Mattermost 1 Mattermost Desktop 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
CVE-2018-21265 1 Mattermost 1 Mattermost Desktop 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).
CVE-2020-14456 1 Mattermost 1 Mattermost Desktop 2023-12-10 7.5 HIGH 7.3 HIGH
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.
CVE-2020-14455 1 Mattermost 1 Mattermost Desktop 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.
CVE-2016-11064 1 Mattermost 1 Mattermost Desktop 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
CVE-2019-20856 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
CVE-2019-20861 1 Mattermost 1 Mattermost Desktop 2023-12-10 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.