Mattermost Desktop

Mattermost fails to properly validate a RegExp built off the server URL path

CVE-2023-5876 5.3 - Medium - November 02, 2023

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones

CVE-2023-5875 5.3 - Medium - November 02, 2023

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged

CVE-2023-5339 5.5 - Medium - October 17, 2023

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 

Insertion of Sensitive Information into Log File

Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website

CVE-2023-2000 5.4 - Medium - May 02, 2023

Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website

Open Redirect