CVSS: 2.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. • https://mattermost.com/security-updates • CWE-693: Protection Mechanism Failure

CVSS: 3.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. • https://mattermost.com/security-updates • CWE-284: Improper Access Control

CVSS: 4.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has SwiftKey as the default keyboard, the masking is off and the password contains a special character. • https://mattermost.com/security-updates • CWE-693: Protection Mechanism Failure

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. • https://mattermost.com/security-updates • CWE-427: Uncontrolled Search Path Element

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resources by running the /export command multiple times at once. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption