Search criteria
6 vulnerabilities found for Mattermost Desktop by Mattermost
CVE-2023-5920 (GCVE-0-2023-5920)
Vulnerability from cvelistv5 – Published: 2023-11-02 08:34 – Updated: 2025-02-27 20:36
VLAI?
Title
Lack Of Secure Keyboard Entry Protection in MacOS Desktop
Summary
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:48:38.756760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:12.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\u003c/p\u003e"
}
],
"value": "Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:34:30.659Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions 5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00249",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54462"
],
"discovery": "EXTERNAL"
},
"title": "Lack Of Secure Keyboard Entry Protection in MacOS Desktop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5920",
"datePublished": "2023-11-02T08:34:30.659Z",
"dateReserved": "2023-11-02T08:29:11.115Z",
"dateUpdated": "2025-02-27T20:36:12.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5875 (GCVE-0-2023-5875)
Vulnerability from cvelistv5 – Published: 2023-11-02 08:27 – Updated: 2024-09-05 18:12
VLAI?
Title
Lack of Hardening against media exploitation from a remote origin
Summary
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
Severity ?
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:12:19.017406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:12:33.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mattermost Desktop fails to correctly\u0026nbsp;handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
}
],
"value": "Mattermost Desktop fails to correctly\u00a0handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:27:05.082Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions 5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00251",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54464"
],
"discovery": "EXTERNAL"
},
"title": "Lack of Hardening against media exploitation from a remote origin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5875",
"datePublished": "2023-11-02T08:27:05.082Z",
"dateReserved": "2023-10-31T10:43:53.126Z",
"dateUpdated": "2024-09-05T18:12:33.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5876 (GCVE-0-2023-5876)
Vulnerability from cvelistv5 – Published: 2023-11-02 08:26 – Updated: 2024-09-05 18:12
VLAI?
Title
Regex DoS from a malicious server enrolled in Desktop
Summary
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:11:50.724411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:12:06.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\u003c/p\u003e"
}
],
"value": "Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:26:01.611Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions v5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions v5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00255",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54516"
],
"discovery": "EXTERNAL"
},
"title": "Regex DoS from a malicious server enrolled in Desktop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5876",
"datePublished": "2023-11-02T08:26:01.611Z",
"dateReserved": "2023-10-31T10:56:31.545Z",
"dateUpdated": "2024-09-05T18:12:06.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5920 (GCVE-0-2023-5920)
Vulnerability from nvd – Published: 2023-11-02 08:34 – Updated: 2025-02-27 20:36
VLAI?
Title
Lack Of Secure Keyboard Entry Protection in MacOS Desktop
Summary
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:48:38.756760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:36:12.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\u003c/p\u003e"
}
],
"value": "Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:34:30.659Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions 5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00249",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54462"
],
"discovery": "EXTERNAL"
},
"title": "Lack Of Secure Keyboard Entry Protection in MacOS Desktop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5920",
"datePublished": "2023-11-02T08:34:30.659Z",
"dateReserved": "2023-11-02T08:29:11.115Z",
"dateUpdated": "2025-02-27T20:36:12.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5875 (GCVE-0-2023-5875)
Vulnerability from nvd – Published: 2023-11-02 08:27 – Updated: 2024-09-05 18:12
VLAI?
Title
Lack of Hardening against media exploitation from a remote origin
Summary
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
Severity ?
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:12:19.017406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:12:33.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mattermost Desktop fails to correctly\u0026nbsp;handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
}
],
"value": "Mattermost Desktop fails to correctly\u00a0handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:27:05.082Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions 5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00251",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54464"
],
"discovery": "EXTERNAL"
},
"title": "Lack of Hardening against media exploitation from a remote origin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5875",
"datePublished": "2023-11-02T08:27:05.082Z",
"dateReserved": "2023-10-31T10:43:53.126Z",
"dateUpdated": "2024-09-05T18:12:33.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5876 (GCVE-0-2023-5876)
Vulnerability from nvd – Published: 2023-11-02 08:26 – Updated: 2024-09-05 18:12
VLAI?
Title
Regex DoS from a malicious server enrolled in Desktop
Summary
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost Desktop |
Affected:
0 , ≤ 5.5.0
(semver)
Unaffected: 5.5.1 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mattermost.com/security-updates"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:11:50.724411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:12:06.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\u003c/p\u003e"
}
],
"value": "Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T08:26:01.611Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop to versions v5.5.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop to versions v5.5.1 or higher.\n\n"
}
],
"source": {
"advisory": "MMSA-2023-00255",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54516"
],
"discovery": "EXTERNAL"
},
"title": "Regex DoS from a malicious server enrolled in Desktop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2023-5876",
"datePublished": "2023-11-02T08:26:01.611Z",
"dateReserved": "2023-10-31T10:56:31.545Z",
"dateUpdated": "2024-09-05T18:12:06.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}