CVE-2023-47168: URL Redirection to Untrusted Site ('Open Redirect')

November 27, 2023 (updated November 28, 2023)

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked “Back to Mattermost” after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=

References

github.com/advisories/GHSA-4ghx-8jw8-p76q
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-47168

Code Behaviors & Features

Detect and mitigate CVE-2023-47168 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →