CVE-2023-5875 - OpenCVE

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mattermost	Mattermost Desktop

Configuration 1 [-]

cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-11-02T08:27:05.082Z

Updated: 2023-11-02T08:27:05.082Z

Reserved: 2023-10-31T10:43:53.126Z

Link: CVE-2023-5875

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-02T09:15:08.617

Modified: 2023-11-09T17:46:53.457

Link: CVE-2023-5875

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5875", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2023-10-31T10:43:53.126Z", "datePublished": "2023-11-02T08:27:05.082Z", "dateUpdated": "2023-11-02T08:27:05.082Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost Desktop", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "5.5.0", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "5.5.1"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "DoyenSec"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"}], "value": "Mattermost Desktop fails to correctly\u00a0handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-11-02T08:27:05.082Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost Desktop to versions 5.5.1 or higher.</p>"}], "value": "Update Mattermost Desktop to versions 5.5.1 or higher.\n\n"}], "source": {"advisory": "MMSA-2023-00251", "defect": ["https://mattermost.atlassian.net/browse/MM-54464"], "discovery": "EXTERNAL"}, "title": "Lack of Hardening against media exploitation from a remote origin", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C60BC63-A71E-4E6A-B0AD-29F802287757", "versionEndExcluding": "5.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mattermost Desktop fails to correctly\u00a0handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server"}, {"lang": "es", "value": "Mattermost Desktop no maneja correctamente los permisos ni solicita el consentimiento del usuario en ciertos permisos confidenciales, lo que permite la explotaci\u00f3n de medios desde un servidor de Mattermost malicioso."}], "id": "CVE-2023-5875", "lastModified": "2023-11-09T17:46:53.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2023-11-02T09:15:08.617", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-693"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}