Mattermost

Mattermost Desktop

22 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.02%
  • Published 17.12.2025 18:14:14
  • Last modified 18.12.2025 19:47:06

Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.

  • EPSS 0.02%
  • Published 17.12.2025 18:14:12
  • Last modified 18.12.2025 19:41:30

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the user's system to gain access to potentially sensitive information via read...

  • EPSS 0.08%
  • Published 16.10.2025 15:18:25
  • Last modified 29.10.2025 18:31:15

Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the u...

  • EPSS 0.1%
  • Published 13.10.2025 20:15:33
  • Last modified 29.10.2025 13:34:07

Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.

  • EPSS 0.03%
  • Published 17.03.2025 14:19:51
  • Last modified 25.09.2025 19:14:25

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

  • EPSS 0.27%
  • Published 16.09.2024 15:15:16
  • Last modified 01.11.2024 14:20:56

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

  • EPSS 0.26%
  • Published 16.09.2024 15:15:16
  • Last modified 01.11.2024 14:20:22

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.

  • EPSS 0.73%
  • Published 16.09.2024 07:15:02
  • Last modified 20.09.2024 13:59:01

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on ...

  • EPSS 0.33%
  • Published 14.06.2024 09:15:10
  • Last modified 21.11.2024 09:23:22

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.

  • EPSS 0.04%
  • Published 14.06.2024 09:15:09
  • Last modified 21.11.2024 09:21:59

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.