CVE-2023-5339

CWE-200Information ExposureCWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 77.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost MattermostMattermost Mattermost Desktop
Timeline
PublishedOct 17

Description

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

CVEListV5mattermost/mattermost5.4.0

🔴Vulnerability Details

2
GHSA
GHSA-v725-xj67-9v99: Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including pas2023-10-17
CVEList
Mattermost Desktop logs all keystrokes during initial run after fresh installation2023-10-17
CVE-2023-5339 (MEDIUM CVSS 5.5) | Mattermost Desktop fails to set an | cvebase.io