Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mattermost_desktop
(Mattermost)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-02 | CVE-2023-5920 | Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | Mattermost_desktop | 3.3 | ||
| 2024-06-14 | CVE-2024-36287 | Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. | Mattermost_desktop | 3.3 | ||
| 2024-06-14 | CVE-2024-37182 | Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes. | Mattermost_desktop | 6.1 | ||
| 2024-09-16 | CVE-2024-39772 | Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. | Mattermost_desktop | 5.3 | ||
| 2024-09-16 | CVE-2024-45835 | Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. | Mattermost_desktop | 6.5 | ||
| 2024-09-16 | CVE-2024-39613 | Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. | Mattermost_desktop | 7.8 | ||
| 2020-06-19 | CVE-2019-20856 | An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | Mattermost_desktop | 9.8 | ||
| 2020-06-19 | CVE-2018-21265 | An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). | Mattermost_desktop | N/A | ||
| 2020-06-19 | CVE-2019-20861 | An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | Mattermost_desktop | N/A | ||
| 2020-06-19 | CVE-2016-11064 | An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. | Mattermost_desktop | N/A |