CVE-2023-5339

Summary

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 5.4.0affected
MattermostMattermost5.5.0unaffected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References