Mattermost Desktop

By the Year

In 2025 there have been 0 vulnerabilities in Mattermost Desktop. Last year, in 2024, Mattermost Desktop had 5 security vulnerabilities published. Right now, Mattermost Desktop is on track to have fewer security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 5 5.80
2023 4 5.38
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Mattermost Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Mattermost Desktop Security Vulnerabilities

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which

CVE-2024-45835 6.5 - Medium - September 16, 2024

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which

CVE-2024-39772 5.3 - Medium - September 16, 2024

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on

CVE-2024-39613 7.8 - High - September 16, 2024

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.

DLL preloading

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which

CVE-2024-37182 6.1 - Medium - June 14, 2024

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which

CVE-2024-36287 3.3 - Low - June 14, 2024

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.

Mattermost fails to properly validate a RegExp built off the server URL path

CVE-2023-5876 5.3 - Medium - November 02, 2023

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones

CVE-2023-5875 5.3 - Medium - November 02, 2023

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones, allowing media exploitation from a malicious Mattermost server.

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation, resulting in all keystrokes, including password entry, being logged

CVE-2023-5339 5.5 - Medium - October 17, 2023

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation, resulting in all keystrokes, including password entry, being logged.

Insertion of Sensitive Information into Log File

Mattermost Desktop App fails to validate a Mattermost server redirection and navigates to an arbitrary website

CVE-2023-2000 5.4 - Medium - May 02, 2023

Mattermost Desktop App fails to validate a Mattermost server redirection and navigates to an arbitrary website.

Open Redirect
