Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
References
| Link | Resource |
|---|---|
| https://mattermost.com/security-updates | Vendor Advisory |
| https://mattermost.com/security-updates | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:29
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
| References | () https://mattermost.com/security-updates - Vendor Advisory |
01 Dec 2023, 21:24
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* |
|
| First Time |
Mattermost
Mattermost mattermost |
|
| CWE | CWE-601 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| References | () https://mattermost.com/security-updates - Vendor Advisory |
27 Nov 2023, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-27 10:15
Updated : 2024-11-21 08:29
NVD link : CVE-2023-47168
Mitre link : CVE-2023-47168
CVE.ORG link : CVE-2023-47168
JSON object : View
Products Affected
mattermost
- mattermost
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')