CVE-2025-13321
BaseFortify
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: Mattermost, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | mattermost_desktop | up to 6.0.0 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Mattermost Desktop App to version 6.0.0 or later, as versions prior to 6.0.0 fail to sanitize sensitive information from logs and do not clear data on server deletion. Additionally, restrict access to the user's system to prevent unauthorized access to application logs.
Can you explain this vulnerability to me?
Mattermost Desktop App versions prior to 6.0.0 do not properly sanitize sensitive information from application logs and fail to clear data when a server is deleted. This flaw allows an attacker who has access to the user's system to read the application logs and potentially obtain sensitive information.
How can this vulnerability impact me?
An attacker with access to your system could exploit this vulnerability to read Mattermost application logs that contain sensitive information. This could lead to unauthorized disclosure of sensitive data stored in the logs.