Home

Description

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.

PUBLISHED Reserved 2023-10-02 | Published 2023-10-17 | Updated 2024-09-05 | Assigner Mattermost




MEDIUM: 4.7CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unaffected

Any version
affected

5.5.0
unaffected

Credits

Patrice Kolb finder

References

mattermost.com/security-updates

mattermost.com/security-updates

cve.org (CVE-2023-5339)

nvd.nist.gov (CVE-2023-5339)

Download JSON