Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Mon, 02 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-11-27T09:12:52.781Z
Updated: 2024-12-02T19:32:41.338Z
Reserved: 2023-11-20T12:06:31.671Z
Link: CVE-2023-47168
Vulnrichment
Updated: 2024-08-02T21:01:22.877Z
NVD
Status : Modified
Published: 2023-11-27T10:15:08.023
Modified: 2024-11-21T08:29:53.603
Link: CVE-2023-47168
Redhat
No data.