CVE-2023-47168

CVSS V2 None CVSS V3 None
Description
Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
Overview
  • CVE ID
  • CVE-2023-47168
  • Assigner
  • Mattermost
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-11-27T09:12:52.781Z
  • Last Modified Date
  • 2023-11-27T09:12:52.781Z
Weakness Enumerations
CWE URL
CWE-601 http://cwe.mitre.org/data/definitions/601.html
References
Reference URL Reference Tags
https://mattermost.com/security-updates
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-47168
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47168
History
Created Old Value New Value Data Type Notes
2024-06-25 09:09:04 Added to TrackCVE