Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-39613 | 1 Mattermost | 1 Mattermost Desktop | 2024-09-20 | N/A | 7.8 HIGH |
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. | |||||
CVE-2024-36287 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-08-07 | N/A | 3.3 LOW |
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. | |||||
CVE-2024-37182 | 1 Mattermost | 1 Mattermost Desktop | 2024-08-07 | N/A | 6.1 MEDIUM |
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes. | |||||
CVE-2023-2000 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | N/A | 5.4 MEDIUM |
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website | |||||
CVE-2018-21265 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). | |||||
CVE-2019-20856 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | |||||
CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | |||||
CVE-2019-20861 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | |||||
CVE-2016-11064 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. | |||||
CVE-2020-14456 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. | |||||
CVE-2020-14455 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. |