Search
Find a vulnerability
Search criteria
6 vulnerabilities found for Mattermost Desktop by Mattermost
CVE-2023-5920 (GCVE-0-2023-5920)
Vulnerability from nvd – Published: 2023-11-02 08:34 – Updated: 2025-02-27 20:36
VLAI
EPSS
VEX
Title
Lack Of Secure Keyboard Entry Protection in MacOS Desktop
Summary
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:48:38.756760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:12.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\u003c/p\u003e"
}
],
"value": "Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:34:30.659Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions 5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00249",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54462"
],
"discovery": "EXTERNAL"
},
"title": "Lack Of Secure Keyboard Entry Protection in MacOS Desktop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5920",
"datePublished": "2023-11-02T08:34:30.659Z",
"dateReserved": "2023-11-02T08:29:11.115Z",
"dateUpdated": "2025-02-27T20:36:12.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5876 (GCVE-0-2023-5876)
Vulnerability from nvd – Published: 2023-11-02 08:26 – Updated: 2024-09-05 18:12
VLAI
EPSS
VEX
Title
Regex DoS from a malicious server enrolled in Desktop
Summary
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:11:50.724411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:12:06.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\u003c/p\u003e"
}
],
"value": "Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:26:01.611Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions v5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions v5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00255",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54516"
],
"discovery": "EXTERNAL"
},
"title": "Regex DoS from a malicious server enrolled in Desktop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5876",
"datePublished": "2023-11-02T08:26:01.611Z",
"dateReserved": "2023-10-31T10:56:31.545Z",
"dateUpdated": "2024-09-05T18:12:06.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5875 (GCVE-0-2023-5875)
Vulnerability from nvd – Published: 2023-11-02 08:27 – Updated: 2024-09-05 18:12
VLAI
EPSS
VEX
Title
Lack of Hardening against media exploitation from a remote origin
Summary
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:12:19.017406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:12:33.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mattermost Desktop fails to correctly\u0026nbsp;handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
}
],
"value": "Mattermost Desktop fails to correctly\u00a0handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:27:05.082Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions 5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00251",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54464"
],
"discovery": "EXTERNAL"
},
"title": "Lack of Hardening against media exploitation from a remote origin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5875",
"datePublished": "2023-11-02T08:27:05.082Z",
"dateReserved": "2023-10-31T10:43:53.126Z",
"dateUpdated": "2024-09-05T18:12:33.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5920 (GCVE-0-2023-5920)
Vulnerability from cvelistv5 – Published: 2023-11-02 08:34 – Updated: 2025-02-27 20:36
VLAI
EPSS
VEX
Title
Lack Of Secure Keyboard Entry Protection in MacOS Desktop
Summary
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:48:38.756760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:12.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\u003c/p\u003e"
}
],
"value": "Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:34:30.659Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions 5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00249",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54462"
],
"discovery": "EXTERNAL"
},
"title": "Lack Of Secure Keyboard Entry Protection in MacOS Desktop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5920",
"datePublished": "2023-11-02T08:34:30.659Z",
"dateReserved": "2023-11-02T08:29:11.115Z",
"dateUpdated": "2025-02-27T20:36:12.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5875 (GCVE-0-2023-5875)
Vulnerability from cvelistv5 – Published: 2023-11-02 08:27 – Updated: 2024-09-05 18:12
VLAI
EPSS
VEX
Title
Lack of Hardening against media exploitation from a remote origin
Summary
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:12:19.017406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:12:33.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mattermost Desktop fails to correctly\u0026nbsp;handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
}
],
"value": "Mattermost Desktop fails to correctly\u00a0handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:27:05.082Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions 5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00251",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54464"
],
"discovery": "EXTERNAL"
},
"title": "Lack of Hardening against media exploitation from a remote origin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5875",
"datePublished": "2023-11-02T08:27:05.082Z",
"dateReserved": "2023-10-31T10:43:53.126Z",
"dateUpdated": "2024-09-05T18:12:33.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5876 (GCVE-0-2023-5876)
Vulnerability from cvelistv5 – Published: 2023-11-02 08:26 – Updated: 2024-09-05 18:12
VLAI
EPSS
VEX
Title
Regex DoS from a malicious server enrolled in Desktop
Summary
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:11:50.724411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:12:06.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\u003c/p\u003e"
}
],
"value": "Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:26:01.611Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions v5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions v5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00255",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54516"
],
"discovery": "EXTERNAL"
},
"title": "Regex DoS from a malicious server enrolled in Desktop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5876",
"datePublished": "2023-11-02T08:26:01.611Z",
"dateReserved": "2023-10-31T10:56:31.545Z",
"dateUpdated": "2024-09-05T18:12:06.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}