Mattermost Desktop App allows for bypassing TCC restrictions on macOS · CVE-2024-36287 · GitHub Advisory Database · GitHub

Mattermost Desktop App allows for bypassing TCC restrictions on macOS

Low severity GitHub Reviewed Published Jun 14, 2024 to the GitHub Advisory Database • Updated Jun 17, 2024

Package

mattermost-desktop (npm)

Affected versions

< 5.8.0

Patched versions

5.8.0

Description

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.

References

Published by the National Vulnerability Database

Jun 14, 2024

Published to the GitHub Advisory Database Jun 14, 2024

Reviewed Jun 17, 2024

Last updated Jun 17, 2024

Severity

Low

3.8

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N