CVE-2023-5920 – Lack Of Secure Keyboard Entry Protection in MacOS Desktop
https://notcve.org/view.php?id=CVE-2023-5920
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing other processes to read the keyboard input. • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-5875 – Lack of Hardening against media exploitation from a remote origin
https://notcve.org/view.php?id=CVE-2023-5875
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones, allowing media exploitation from a malicious Mattermost server. • https://mattermost.com/security-updates • CWE-693: Protection Mechanism Failure
CVE-2023-5876 – Regex DoS from a malicious server enrolled in Desktop
https://notcve.org/view.php?id=CVE-2023-5876
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a denial of service. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption
CVE-2023-5339 – Mattermost Desktop logs all keystrokes during initial run after fresh installation
https://notcve.org/view.php?id=CVE-2023-5339
Mattermost Desktop fails to set an appropriate log level during the initial run after a fresh installation, resulting in all keystrokes, including password entry, being logged. • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-2000 – Unrestricted navigation due to unvalidated mattermost server redirection
https://notcve.org/view.php?id=CVE-2023-2000
Mattermost Desktop App fails to validate a Mattermost server redirection and navigates to an arbitrary website. • https://mattermost.com/security-updates • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')