Mattermost

Mattermost Desktop

20 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.05%
  • Published 16.10.2025 15:18:25
  • Last modified 29.10.2025 18:31:15

Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the u...

  • EPSS 0.08%
  • Published 13.10.2025 20:15:33
  • Last modified 29.10.2025 13:34:07

Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.

  • EPSS 0.03%
  • Published 17.03.2025 14:19:51
  • Last modified 25.09.2025 19:14:25

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

  • EPSS 0.27%
  • Published 16.09.2024 15:15:16
  • Last modified 01.11.2024 14:20:56

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

  • EPSS 0.26%
  • Published 16.09.2024 15:15:16
  • Last modified 01.11.2024 14:20:22

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.

  • EPSS 0.73%
  • Published 16.09.2024 07:15:02
  • Last modified 20.09.2024 13:59:01

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on ...

  • EPSS 0.33%
  • Published 14.06.2024 09:15:10
  • Last modified 21.11.2024 09:23:22

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.

  • EPSS 0.04%
  • Published 14.06.2024 09:15:09
  • Last modified 21.11.2024 09:21:59

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.

  • EPSS 0.12%
  • Published 02.11.2023 09:15:08
  • Last modified 21.11.2024 08:42:41

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.

  • EPSS 0.08%
  • Published 02.11.2023 09:15:08
  • Last modified 21.11.2024 08:42:46

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.