Lack of Hardening against media exploitation from a remote origin
CVE-2023-5875

5.3MEDIUM

Key Information:

Vendor

Mattermost
Status
Mattermost Desktop
Vendor
CVE Published:
2 November 2023

What is CVE-2023-5875?

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server

Affected Version(s)

Mattermost Desktop 0 <= 5.5.0

Mattermost Desktop 5.5.1

References

https://mattermost.com/security-updates

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

DoyenSec
.
CVE-2023-5875 : Lack of Hardening against media exploitation from a remote origin