-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
GoGoMiggo AIRoot Cause AnalysisThe vulnerability occurs in the OAuth mobile login flow where the redirect_to parameter is improperly validated. The mobileLoginHandler would be responsible for processing this parameter and generating redirect responses. The advisory specifically mentions the /oauth/{service}/mobile_login endpoint and improper validation when custom URL schemes fail, indicating the handler function for this route is where the insecure redirect occurs. While exact code isn't available, the endpoint structure and vulnerability pattern strongly suggest this is the vulnerable function.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/mattermost/mattermost/server/v8 | go | >= 9.1.0, < 9.1.1 | 9.1.1 |
| github.com/mattermost/mattermost/server/v8 | go | >= 9.0.0, < 9.0.2 | 9.0.2 |
| github.com/mattermost/mattermost/server/v8 |
| go |
| < 8.1.4 |
| 8.1.4 |
| github.com/mattermost/mattermost-server/v6 | go | < 7.8.13 | 7.8.13 |
Ongoing coverage of React2Shell