CVE-2023-5920: 
Node.js vulnerability analysis and mitigation

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input (NVD). The vulnerability was discovered and disclosed in November 2023, affecting Mattermost Desktop versions up to (excluding) 5.5.1 on macOS systems.

The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability stems from the application's failure to implement macOS's secure keyboard input functionality, which is designed to prevent other processes from intercepting keyboard input (NVD).

The primary impact of this vulnerability is the potential exposure of sensitive information through keyboard input. Local processes on the affected system could potentially read keyboard input intended for the Mattermost Desktop application, including sensitive information such as passwords or private messages (NVD).

Users should upgrade to Mattermost Desktop version 5.5.1 or later to address this vulnerability. The fix has been implemented in this version to properly utilize macOS's secure keyboard input functionality (Mattermost Security Updates).