Protection Mechanism Failure

CVE-2023-5875

Medium

5.3/10

Summary

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server. This issue affects versions prior to 5.5.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-693 - Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

Advisory
MMSA-2023-00251

Advisory Timeline

Published Nov 02, 2023

Protection Mechanism Failure

CVE-2023-5875

Summary

CWE-693 - Protection Mechanism Failure

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS