{"id":"CVE-2023-47168","details":"Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicks \"Back to Mattermost\" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to=\n\n","aliases":["GHSA-4ghx-8jw8-p76q"],"modified":"2026-03-01T02:20:16.570591Z","published":"2023-11-27T10:15:08.023Z","related":["CGA-qw8g-92hj-xmxv"],"references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mattermost/mattermost-server","events":[{"introduced":"0"},{"last_affected":"b69ff7d1038609a4a29a7db104679d21da10ad09"},{"introduced":"90f502dc2dc80ee25cfb7d7bc3e743b53564a5a7"},{"last_affected":"4fe1024a51f22f239c19c33838dbdcf7589b7b94"},{"introduced":"987e843629fe3f11861fda23ceb66884f5973ef1"},{"last_affected":"77f094c7ee8c7a00be01c2df72f948a62c690b66"}]}],"versions":["@mattermost/client@9.0.0","@mattermost/types@9.0.0","v9.0.0","v9.0.0-rc2","v9.0.1","v9.0.1-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47168.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}