URL Redirection to Untrusted Site ('Open Redirect') Affecting github.com/mattermost/mattermost/server/v8 package, versions <8.1.4 >=9.1.0 <9.1.1 >=9.0.0 <9.0.2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMMATTERMOSTMATTERMOSTSERVERV8-6094997
- published 29 Nov 2023
- disclosed 27 Nov 2023
- credit Unknown
Introduced: 27 Nov 2023
CVE-2023-47168 Open this link in a new tabHow to fix?
Upgrade github.com/mattermost/mattermost/server/v8 to version 8.1.4, 9.1.1, 9.0.2 or higher.
Overview
Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to the improper validation of a redirect URL parameter, an attacker can manipulate the redirection process to lead users to unintended and potentially malicious websites by providing an invalid custom URL scheme in the /oauth/{service}/mobile_login?redirect_to= endpoint. This is only exploitable if the user clicks on the "Back to Mattermost" button after the invalid custom URL scheme has been provided.