First published: Tue Oct 17 2023(Updated: )
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
<=5.4.0 |
Update Mattermost Desktop to versions 5.5.0 or higher.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-5339.
The title of the vulnerability is Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation.
The impact of this vulnerability is that all keystrokes, including password entry, are logged.
Mattermost Desktop version up to and including 5.4.0 is affected.
This vulnerability has a severity rating of 5.5 (medium).