Refine your search
6 vulnerabilities found for mattermost_desktop by mattermost
CVE-2025-13326 (GCVE-0-2025-13326)
Vulnerability from nvd
Published
2025-12-17 18:14
Modified
2025-12-17 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-693 - Protection Mechanism Failure
Summary
Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Version: 0 ≤ 6.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:52:17.808716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:29:30.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "6.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karmaz95"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop App versions \u003c6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:14:14.131Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Desktop App to versions 6.0.0 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00504",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64731"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-13326",
"datePublished": "2025-12-17T18:14:14.131Z",
"dateReserved": "2025-11-17T17:28:35.075Z",
"dateUpdated": "2025-12-17T19:29:30.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13321 (GCVE-0-2025-13321)
Vulnerability from nvd
Published
2025-12-17 18:14
Modified
2025-12-17 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log Files
Summary
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Version: 0 ≤ 6.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:52:32.074659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:29:49.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "6.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop App versions \u003c6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:14:12.745Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Desktop App to versions 6.0.0 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00520",
"defect": [
"https://mattermost.atlassian.net/browse/MM-65010"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Desktop App logging sensitive information and fails to clear data on server deletion"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-13321",
"datePublished": "2025-12-17T18:14:12.745Z",
"dateReserved": "2025-11-17T15:51:49.044Z",
"dateUpdated": "2025-12-17T19:29:49.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55035 (GCVE-0-2025-55035)
Vulnerability from nvd
Published
2025-10-16 15:18
Modified
2025-10-16 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Version: 0 ≤ 5.0.13 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T16:27:19.505025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T16:28:05.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.0.13",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Desktop App versions \u0026lt;=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.\u003c/p\u003e"
}
],
"value": "Mattermost Desktop App versions \u003c=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:18:25.389Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop App to versions 5.13.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop App to versions 5.13.1 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00515",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64950"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Desktop DoS when user has basic authentication server configured",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-55035",
"datePublished": "2025-10-16T15:18:25.389Z",
"dateReserved": "2025-09-11T18:33:39.530Z",
"dateUpdated": "2025-10-16T16:28:05.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58084 (GCVE-0-2025-58084)
Vulnerability from nvd
Published
2025-10-13 19:57
Modified
2025-10-14 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Summary
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Version: 0 ≤ 5.13.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T14:28:39.740317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:28:52.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.13.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(227, 228, 232, 0.04);\"\u003eMattermost Desktop App versions \u0026lt;= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user\u0027s application by sending the user a malformed URL.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Mattermost Desktop App versions \u003c= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user\u0027s application by sending the user a malformed URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T19:57:23.997Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop App to versions 5.13.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop App to versions 5.13.1 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00514",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64948"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Desktop App crashes when clicking on malformed external URL",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-58084",
"datePublished": "2025-10-13T19:57:23.997Z",
"dateReserved": "2025-09-11T18:33:39.540Z",
"dateUpdated": "2025-10-14T14:28:52.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13326 (GCVE-0-2025-13326)
Vulnerability from cvelistv5
Published
2025-12-17 18:14
Modified
2025-12-17 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-693 - Protection Mechanism Failure
Summary
Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Version: 0 ≤ 6.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:52:17.808716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:29:30.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "6.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karmaz95"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop App versions \u003c6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:14:14.131Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Desktop App to versions 6.0.0 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00504",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64731"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-13326",
"datePublished": "2025-12-17T18:14:14.131Z",
"dateReserved": "2025-11-17T17:28:35.075Z",
"dateUpdated": "2025-12-17T19:29:30.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13321 (GCVE-0-2025-13321)
Vulnerability from cvelistv5
Published
2025-12-17 18:14
Modified
2025-12-17 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log Files
Summary
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Version: 0 ≤ 6.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:52:32.074659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:29:49.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "6.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop App versions \u003c6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:14:12.745Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Desktop App to versions 6.0.0 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00520",
"defect": [
"https://mattermost.atlassian.net/browse/MM-65010"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Desktop App logging sensitive information and fails to clear data on server deletion"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-13321",
"datePublished": "2025-12-17T18:14:12.745Z",
"dateReserved": "2025-11-17T15:51:49.044Z",
"dateUpdated": "2025-12-17T19:29:49.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}