CVE-2023-5339

Mattermost Desktop logs all keystrokes during initial run after fresh installation 

CVSS 4.7 MEDIUM · EPSS 0.1% · CWE-200
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7 · EPSS 0.1% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
17 Oct 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Mattermost Desktop fails to set an appropriate log level during the initial run after a fresh installation, resulting in all keystrokes, including password entry, being logged.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
Mattermost · Mattermost
