Lack Of Secure Keyboard Entry Protection in MacOS Desktop
CVE-2023-5920

2.9LOW

Key Information:

Vendor: Mattermost
Status: Mattermost Desktop
Vendor: CVE Published:; 2 November 2023

What is CVE-2023-5920?

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.

Affected Version(s)

Mattermost Desktop MacOS 0 <= 5.5.0

Mattermost Desktop MacOS 5.5.1

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2023
Vulnerability Reserved
Nov 2, 2023

Credit

DoyenSec