Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mattermost_desktop
(Mattermost)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-19 | CVE-2020-14454 | An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | Mattermost_desktop | 6.1 | ||
| 2020-06-19 | CVE-2020-14455 | An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. | Mattermost_desktop | 6.5 | ||
| 2020-06-19 | CVE-2020-14456 | An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. | Mattermost_desktop | 7.3 | ||
| 2023-05-02 | CVE-2023-2000 | Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website | Mattermost_desktop | 5.4 | ||
| 2023-10-17 | CVE-2023-5339 | Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. | Mattermost_desktop | 5.5 | ||
| 2023-11-02 | CVE-2023-5875 | Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server | Mattermost_desktop | 5.3 | ||
| 2023-11-02 | CVE-2023-5876 | Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. | Mattermost_desktop | 5.3 |