Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
References
History

Mon, 02 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-11-27T09:12:52.781Z

Updated: 2024-12-02T19:32:41.338Z

Reserved: 2023-11-20T12:06:31.671Z

Link: CVE-2023-47168

cve-icon Vulnrichment

Updated: 2024-08-02T21:01:22.877Z

cve-icon NVD

Status : Modified

Published: 2023-11-27T10:15:08.023

Modified: 2024-11-21T08:29:53.603

Link: CVE-2023-47168

cve-icon Redhat

No data.