CVE-2023-47168
27.11.2023, 10:15
Mattermost fails to properly check a redirect URL parameter allowing for anopen redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost | 𝑥 ≤ 7.8.12 |
| mattermost | mattermost | 8.0.0 ≤ 𝑥 ≤ 8.1.3 |
| mattermost | mattermost | 9.0.0 ≤ 𝑥 ≤ 9.0.1 |
| mattermost | mattermost | 9.1.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration