Mattermost Desktop 3.4.1

CPE Details

Mattermost Desktop 3.4.1
mattermost
mattermost_desktop
3.4.1
2025-01-10
17h38 +00:00
2025-01-10
17h38 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:mattermost:mattermost_desktop:3.4.1:*:*:*:*:*:*:*

Informations

Vendor

mattermost

Product

mattermost_desktop

Version

3.4.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-45835 2024-09-16 14h27 +00:00 Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
6.5
Moyen
CVE-2024-39772 2024-09-16 14h27 +00:00 Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
5.3
Moyen
CVE-2024-39613 2024-09-16 06h40 +00:00 Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
7.8
Haute
CVE-2024-37182 2024-06-14 08h39 +00:00 Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.
6.1
Moyen
CVE-2024-36287 2024-06-14 08h39 +00:00 Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
3.8
Bas
CVE-2023-5920 2023-11-02 08h34 +00:00 Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
3.3
Bas
CVE-2023-5875 2023-11-02 08h27 +00:00 Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
5.3
Moyen
CVE-2023-5876 2023-11-02 08h26 +00:00 Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
5.3
Moyen
CVE-2023-5339 2023-10-17 09h30 +00:00 Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 
5.5
Moyen
CVE-2023-2000 2023-05-02 08h57 +00:00 Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
5.4
Moyen
CVE-2018-21265 2020-06-19 14h51 +00:00 An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).
5.3
Moyen
CVE-2019-20861 2020-06-19 12h16 +00:00 An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
8.8
Haute
CVE-2019-20856 2020-06-19 12h07 +00:00 An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
9.8
Critique
CVE-2020-14456 2020-06-19 11h12 +00:00 An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.
7.3
Haute
CVE-2020-14455 2020-06-19 11h11 +00:00 An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.
6.5
Moyen
CVE-2020-14454 2020-06-19 11h10 +00:00 An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
6.1
Moyen