CVE-2025-13321

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-13321

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13321.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-13321

Aliases

GHSA-g6qx-wq5w-wr8v

Published

2025-12-17T19:16:00.927Z

Modified

2026-03-12T17:36:28.518829Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/desktop

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/desktop

Events

Introduced

Fixed

dd2c7c4b66d726250980171a113a8764ab8f8777

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.0"
        }
    ]
}

Affected versions

4.*

4.7.0-beta

Other

beta2

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.5.1

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v1.3.0-rc1

v1.3.0-rc2

v3.*

v3.4.0

v3.4.1

v3.5.0

v3.6.0

v3.7.0

v3.7.1

v4.*

v4.0.0

v4.0.1

v4.1.0

v4.1.1

v4.1.2

v4.2.0

v4.7.0-beta2

v6.*

v6.0.0-rc.1

v6.0.0-rc.2

v6.0.0-rc.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13321.json"