Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mattermost_desktop
(Mattermost)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-19 | CVE-2020-14454 | An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | Mattermost_desktop | 6.1 | ||
| 2020-06-19 | CVE-2020-14455 | An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. | Mattermost_desktop | 6.5 | ||
| 2020-06-19 | CVE-2020-14456 | An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. | Mattermost_desktop | 7.3 | ||
| 2023-05-02 | CVE-2023-2000 | Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website | Mattermost_desktop | 5.4 | ||
| 2023-10-17 | CVE-2023-5339 | Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. | Mattermost_desktop | 5.5 | ||
| 2023-11-02 | CVE-2023-5875 | Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server | Mattermost_desktop | 5.3 | ||
| 2023-11-02 | CVE-2023-5876 | Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. | Mattermost_desktop | 5.3 | ||
| 2023-11-02 | CVE-2023-5920 | Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | Mattermost_desktop | 3.3 | ||
| 2024-06-14 | CVE-2024-36287 | Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. | Mattermost_desktop | 3.3 | ||
| 2024-06-14 | CVE-2024-37182 | Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes. | Mattermost_desktop | 6.1 |