Miggo Logo
Miggo Vulnerability Database
CVE-2023-47168

CVE-2023-47168: Mattermost Open Redirect vulnerability

4.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-47168
GHSA ID
GHSA-4ghx-8jw8-p76q
EPSS Score
0.35926%
CWE
CWE-601
Published
11/27/2023
Updated
11/28/2023
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/mattermost/mattermost/server/v8go>= 9.1.0, < 9.1.19.1.1
github.com/mattermost/mattermost/server/v8go>= 9.0.0, < 9.0.29.0.2
github.com/mattermost/mattermost/server/v8go< 8.1.48.1.4
github.com/mattermost/mattermost-server/v6go< 7.8.137.8.13

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability occurs in the OAuth mobile login flow where the redirect_to parameter is improperly validated. The mobileLoginHandler would be responsible for processing this parameter and generating redirect responses. The advisory specifically mentions the /oauth/{service}/mobile_login endpoint and improper validation when custom URL schemes fail, indicating the handler function for this route is where the insecure redirect occurs. While exact code isn't available, the endpoint structure and vulnerability pattern strongly suggest this is the vulnerable function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

M*tt*rmost **ils to prop*rly ****k * r**ir**t URL p*r*m*t*r *llowin* *or *n op*n r**ir**t w*s possi*l* w**n t** us*r *li*k** "***k to M*tt*rmost" **t*r provi*in* * inv*li* *ustom url s***m* in /o*ut*/{s*rvi**}/mo*il*_lo*in?r**ir**t_to=

Reasoning

T** vuln*r**ility o**urs in t** O*ut* mo*il* lo*in *low w**r* t** r**ir**t_to p*r*m*t*r is improp*rly v*li**t**. T** mo*il*Lo*in**n*l*r woul* ** r*sponsi*l* *or pro**ssin* t*is p*r*m*t*r *n* **n*r*tin* r**ir**t r*spons*s. T** **visory sp**i*i**lly m*