CVE-2023-5339: Mattermost Desktop logs all keystrokes during initial run after fresh installation
First published: Tue Oct 17 2023(Updated: )
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost Desktop | <=5.4.0 |
Remedy
Update Mattermost Desktop to versions 5.5.0 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-5339.
What is the title of the vulnerability?
The title of the vulnerability is Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation.
What is the impact of this vulnerability?
The impact of this vulnerability is that all keystrokes, including password entry, are logged.
Which version of Mattermost Desktop is affected?
Mattermost Desktop version up to and including 5.4.0 is affected.
How severe is this vulnerability?
This vulnerability has a severity rating of 5.5 (medium).
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/title
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/mattermost
- canonical/mattermost mattermost desktop
- version/mattermost mattermost desktop/5.4.0