CVE-2023-47168

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-47168

Severity

Unknown

Description

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=

References

https://images.chainguard.dev/security/CGA-pm4x-9vp6-3qxj
https://github.com/advisories/GHSA-4ghx-8jw8-p76q
https://images.chainguard.dev/security/CGA-jmv6-vqxm-fxh2
https://images.chainguard.dev/security/CGA-gcwq-33q3-grc6
https://images.chainguard.dev/security/CGA-pcfm-cxfm-4xm5
https://images.chainguard.dev/security/CGA-wm34-wvq4-h7p2
https://images.chainguard.dev/security/CGA-9xm5-8qfv-jc5h
https://images.chainguard.dev/security/CGA-rmv6-gv8r-23fq
https://images.chainguard.dev/security/CGA-rx2m-89q8-26p8
https://images.chainguard.dev/security/CGA-pw3x-36cm-5xwj
https://images.chainguard.dev/security/CGA-x2jx-jqq9-rpf4
https://images.chainguard.dev/security/CGA-rp8j-fq5r-pfrh
https://images.chainguard.dev/security/CGA-qrfq-wq66-wm32
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-47168

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources