Lack Of Secure Keyboard Entry Protection in MacOS Desktop
CVE-2023-5920

3.3LOW

Key Information:

Vendor: Mattermost
Status: Mattermost Desktop
Vendor: CVE Published:; 2 November 2023

Summary

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.

Affected Version(s)

Mattermost Desktop MacOS 0 <= 5.5.0

Mattermost Desktop MacOS 5.5.1

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2023
Vulnerability Reserved
Nov 2, 2023

Credit

DoyenSec