Filtered by vendor Mattermost Subscriptions
Filtered by product Mattermost Desktop Subscriptions
Total 17 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2000 1 Mattermost 1 Mattermost Desktop 2024-12-07 5.4 Medium
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
CVE-2024-37182 1 Mattermost 1 Mattermost Desktop 2024-11-21 4.7 Medium
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.
CVE-2024-36287 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2024-11-21 3.8 Low
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
CVE-2023-5920 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2024-11-21 2.9 Low
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
CVE-2023-5876 1 Mattermost 1 Mattermost Desktop 2024-11-21 3.1 Low
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
CVE-2023-5875 1 Mattermost 1 Mattermost Desktop 2024-11-21 3.7 Low
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
CVE-2023-5339 1 Mattermost 1 Mattermost Desktop 2024-11-21 4.7 Medium
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 
CVE-2020-14456 1 Mattermost 1 Mattermost Desktop 2024-11-21 7.3 High
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.
CVE-2020-14455 1 Mattermost 1 Mattermost Desktop 2024-11-21 6.5 Medium
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.
CVE-2020-14454 1 Mattermost 1 Mattermost Desktop 2024-11-21 6.1 Medium
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
CVE-2019-20861 1 Mattermost 1 Mattermost Desktop 2024-11-21 8.8 High
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
CVE-2019-20856 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
CVE-2018-21265 1 Mattermost 1 Mattermost Desktop 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).
CVE-2016-11064 1 Mattermost 1 Mattermost Desktop 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
CVE-2024-45835 1 Mattermost 1 Mattermost Desktop 2024-11-01 2.5 Low
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
CVE-2024-39772 1 Mattermost 1 Mattermost Desktop 2024-11-01 3.7 Low
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
CVE-2024-39613 1 Mattermost 1 Mattermost Desktop 2024-09-20 5.3 Medium
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.