Mattermost Open Redirect vulnerability
Moderate severity
GitHub Reviewed
Published
Nov 27, 2023
to the GitHub Advisory Database
•
Updated Nov 28, 2023
Description
Published by the National Vulnerability Database
Nov 27, 2023
Published to the GitHub Advisory Database
Nov 27, 2023
Reviewed
Nov 28, 2023
Last updated
Nov 28, 2023
Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
References