The vulnerability arises from unnecessary macOS entitlements declared in the application's build configuration (e.g., entitlements.plist), not from specific code functions. These entitlements allowed injected code to bypass TCC protections. Since the issue is tied to entitlements declared during code signing rather than runtime code execution, no specific vulnerable functions in the codebase are implicated. The fix involved removing these entitlements, which is a configuration change, not a code function modification.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mattermost-desktop | npm | < 5.11.0 | 5.11.0 |
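
A build-time check for the class of misconfiguration described above, as an added example that is not code from the advisory or from the Mattermost project. The advisory does not list which entitlements were removed, so the keys below are Apple's documented hardened-runtime and resource entitlements chosen as an assumption, and both sample plists are constructed.

```python
import plistlib

# Hardened-runtime exceptions that relax code-injection protections.
# Assumption: the advisory does not name the entitlements that were removed.
INJECTION_ENABLING = {
    "com.apple.security.cs.disable-library-validation": "loads libraries signed by other teams",
    "com.apple.security.cs.allow-dyld-environment-variables": "honours DYLD_* environment variables",
    "com.apple.security.cs.allow-unsigned-executable-memory": "permits unsigned executable memory",
    "com.apple.security.cs.disable-executable-page-protection": "disables code page protection",
    "com.apple.security.get-task-allow": "lets other processes attach to the app",
}
# Entitlements for TCC-protected resources; listed so a reviewer can see what
# injected code would inherit from the signed application.
TCC_RESOURCE = {
    "com.apple.security.device.camera",
    "com.apple.security.device.audio-input",
    "com.apple.security.personal-information.location",
    "com.apple.security.personal-information.addressbook",
}

# Constructed sample: entitlements file with injection-enabling keys present.
SAMPLE_BEFORE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
</dict></plist>"""

# Constructed sample: the same file with the unnecessary keys removed.
SAMPLE_AFTER = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
</dict></plist>"""

def audit_entitlements(plist_bytes):
    """Report enabled entitlements that weaken injection protections."""
    ents = plistlib.loads(plist_bytes)
    enabled = {key for key, value in ents.items() if value is True}
    injection = sorted(enabled & set(INJECTION_ENABLING))
    tcc = sorted(enabled & TCC_RESOURCE)
    # Any injection-enabling key needs review: code loaded into the process
    # runs with whatever TCC access the signed app has been granted.
    return {"injection": injection, "tcc": tcc, "at_risk": bool(injection)}

if __name__ == "__main__":
    for name, data in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_entitlements(data))
```

To audit a shipped build rather than the source file, feed the function the XML printed by `codesign -d --entitlements :- <path to .app>` on macOS.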