CVE-2023-47168 - Vulnerability Details - OpenCVE

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00191.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Mattermost	Mattermost

Configuration 1 [-]

OR	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost:9.1.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-2876	Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
Github GHSA	GHSA-4ghx-8jw8-p76q	Mattermost Open Redirect vulnerability

Fixes

Solution

Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://mattermost.com/security-updates

History

Mon, 02 Dec 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-11-27T09:12:52.781Z

Updated: 2024-12-02T19:32:41.338Z

Reserved: 2023-11-20T12:06:31.671Z

Link: CVE-2023-47168

Vulnrichment

Updated: 2024-08-02T21:01:22.877Z

NVD

Status : Modified

Published: 2023-11-27T10:15:08.023

Modified: 2024-11-21T08:29:53.603

Link: CVE-2023-47168

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47168", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2023-11-20T12:06:31.671Z", "datePublished": "2023-11-27T09:12:52.781Z", "dateUpdated": "2024-12-02T19:32:41.338Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "8.1.3", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "7.8.12", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "9.0.1", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "9.1.0", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "9.0.2"}, {"status": "unaffected", "version": "9.1.1"}, {"status": "unaffected", "version": "7.8.13"}, {"status": "unaffected", "version": "8.1.4"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "DoyenSec"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked \"Back to Mattermost\" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=</p>"}], "value": "Mattermost fails to properly check a redirect URL parameter allowing for an\u00a0open redirect was possible when the user clicked \"Back to Mattermost\" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-11-27T09:12:52.781Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.</p>"}], "value": "Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.\n\n"}], "source": {"advisory": "MMSA-2023-00252", "defect": ["https://mattermost.atlassian.net/browse/MM-54488"], "discovery": "EXTERNAL"}, "title": "Open redirect in /oauth/<service>/mobile_login?redirect_to=", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.877Z"}, "title": "CVE Program Container", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-02T19:32:32.997484Z", "id": "CVE-2023-47168", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T19:32:41.338Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.877Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47168", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-02T19:32:32.997484Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T19:32:36.894Z"}}], "cna": {"title": "Open redirect in /oauth/<service>/mobile_login?redirect_to=", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-54488"], "advisory": "MMSA-2023-00252", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "DoyenSec"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "8.1.3"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.8.12"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.0.1"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.1.0"}, {"status": "unaffected", "version": "9.0.2"}, {"status": "unaffected", "version": "9.1.1"}, {"status": "unaffected", "version": "7.8.13"}, {"status": "unaffected", "version": "8.1.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.</p>", "base64": false}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Mattermost fails to properly check a redirect URL parameter allowing for an\u00a0open redirect was possible when the user clicked \"Back to Mattermost\" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked \"Back to Mattermost\" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-11-27T09:12:52.781Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47168", "state": "PUBLISHED", "dateUpdated": "2024-12-02T19:32:41.338Z", "dateReserved": "2023-11-20T12:06:31.671Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2023-11-27T09:12:52.781Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAEFCB9C-4CFC-4C2D-B53D-4A1E9B54E744", "versionEndIncluding": "7.8.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CFE72E8-D2A6-4994-88F6-2B04DB413631", "versionEndIncluding": "8.1.3", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF5E1B7D-7237-4464-9873-0A85C80CC76A", "versionEndIncluding": "9.0.1", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D960BDC-FB30-4112-B1CC-219D1EC32145", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mattermost fails to properly check a redirect URL parameter allowing for an\u00a0open redirect was possible when the user clicked \"Back to Mattermost\" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=\n\n"}, {"lang": "es", "value": "Mattermost no verifica correctamente un par\u00e1metro de URL de redireccionamiento que permit\u00eda una redirecci\u00f3n abierta cuando el usuario hizo clic en \"Volver a Mattermost\" despu\u00e9s de proporcionar un esquema de URL personalizado no v\u00e1lido en /oauth/{service}/mobile_login?redirect_to="}], "id": "CVE-2023-47168", "lastModified": "2024-11-21T08:29:53.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-27T10:15:08.023", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}