Mattermost - Mattermost Desktop CVE

Filtered by vendor Mattermost Subscribe

Filtered by product Mattermost Desktop

Total 11 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2024-39613	1 Mattermost	1 Mattermost Desktop	2024-09-20	N/A	7.8 HIGH
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
CVE-2024-36287	2 Apple, Mattermost	2 Macos, Mattermost Desktop	2024-08-07	N/A	3.3 LOW
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
CVE-2024-37182	1 Mattermost	1 Mattermost Desktop	2024-08-07	N/A	6.1 MEDIUM
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.
CVE-2023-2000	1 Mattermost	1 Mattermost Desktop	2024-02-04	N/A	5.4 MEDIUM
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
CVE-2018-21265	1 Mattermost	1 Mattermost Desktop	2024-02-04	5.0 MEDIUM	5.3 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).
CVE-2019-20856	2 Apple, Mattermost	2 Macos, Mattermost Desktop	2024-02-04	7.5 HIGH	9.8 CRITICAL
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
CVE-2020-14454	1 Mattermost	1 Mattermost Desktop	2024-02-04	5.8 MEDIUM	6.1 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
CVE-2019-20861	1 Mattermost	1 Mattermost Desktop	2024-02-04	6.8 MEDIUM	8.8 HIGH
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
CVE-2016-11064	1 Mattermost	1 Mattermost Desktop	2024-02-04	7.5 HIGH	9.8 CRITICAL
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
CVE-2020-14456	1 Mattermost	1 Mattermost Desktop	2024-02-04	7.5 HIGH	7.3 HIGH
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.
CVE-2020-14455	1 Mattermost	1 Mattermost Desktop	2024-02-04	4.3 MEDIUM	6.5 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.

Vulnerabilities (CVE)