mattermost is vulnerable to Open Redirect. The vulnerability is caused due to a missing validation at redirect URL parameter. The application fails to validate the custom URL scheme /oauth/{service}/mobile_login?redirect_to=, once a user clicks "Back to mattermost". The attacker can bypass protection mechanism or gain privileges by exploiting this…Read More