Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-47168

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=

Published

2023-11-27T10:15:08.023

Last Modified

2024-11-21T08:29:53.603

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-601
  • Type: Primary
    CWE-601
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mattermost mattermost ≤ 7.8.12 Yes
Application mattermost mattermost ≤ 8.1.3 Yes
Application mattermost mattermost ≤ 9.0.1 Yes
Application mattermost mattermost 9.1.0 Yes
References