API Security Blog

Mattermost Open Redirect Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an open redirect vulnerability that occurs when a user clicks "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to=; the redirect_to URL parameter is not properly checked against the allowed redirect targets. An attacker could use this vulnerability to redirect a user to a malicious website for phishing or other…
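The defect described above is a redirect target that is accepted without checking its scheme or origin. The following Go function is an added example of the kind of allowlist check a server-side handler should apply to a value like redirect_to before rendering it as a link; it is illustrative code written for this post, not Mattermost's own implementation, and the site URL, the custom scheme name and the sample inputs are constructed assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed deployment settings for this example (not Mattermost configuration):
// the server's own origin, and the custom URL schemes the native client registers.
const siteURL = "https://chat.example.com"

var allowedSchemes = map[string]bool{
	"mattermost": true, // hypothetical mobile app scheme
}

// RedirectVerdict records whether a target was accepted and why.
type RedirectVerdict struct {
	Allowed bool
	Reason  string
}

// CheckRedirectTarget decides whether a redirect_to value may be used as the
// "Back to Mattermost" link. Only three shapes are accepted: an absolute path on
// this site, a web URL on the site's own origin, or an allowlisted custom scheme.
// Everything else (foreign origins, scheme-relative "//host" URLs, javascript:,
// unknown custom schemes, unparseable input) is refused.
func CheckRedirectTarget(raw string) RedirectVerdict {
	if raw == "" {
		return RedirectVerdict{false, "empty target"}
	}
	// Whitespace and control characters are a common way to smuggle a second URL
	// past a naive prefix check, so refuse them outright.
	if strings.ContainsAny(raw, " \t\r\n\x00") {
		return RedirectVerdict{false, "whitespace or control character in target"}
	}
	u, err := url.Parse(raw)
	if err != nil {
		return RedirectVerdict{false, "unparseable URL"}
	}
	scheme := strings.ToLower(u.Scheme)

	// No scheme: either a local path, or a scheme-relative "//host" URL that
	// browsers resolve to a foreign origin. Only a single-slash path is allowed.
	if scheme == "" {
		if u.Host != "" {
			return RedirectVerdict{false, "scheme-relative URL points at a foreign host"}
		}
		if strings.HasPrefix(raw, "/") && !strings.HasPrefix(raw, "//") && !strings.HasPrefix(raw, "/\\") {
			return RedirectVerdict{true, "absolute path on this site"}
		}
		return RedirectVerdict{false, "relative target must be an absolute path"}
	}

	switch {
	case scheme == "http" || scheme == "https":
		site, _ := url.Parse(siteURL)
		if scheme == site.Scheme && strings.EqualFold(u.Host, site.Host) {
			return RedirectVerdict{true, "same-origin web URL"}
		}
		return RedirectVerdict{false, "web URL on a foreign origin"}
	case allowedSchemes[scheme]:
		return RedirectVerdict{true, "allowlisted custom scheme"}
	default:
		return RedirectVerdict{false, "scheme not allowlisted: " + scheme}
	}
}

func main() {
	// Constructed sample inputs covering the accepted and refused shapes.
	samples := []string{
		"/channels/town-square",
		"mattermost://login",
		"https://chat.example.com/channels/town-square",
		"//evil.example/",
		"https://evil.example/",
		"javascript:alert(1)",
		"customscheme://anything",
	}
	for _, s := range samples {
		v := CheckRedirectTarget(s)
		fmt.Printf("%-48s allowed=%-5t %s\n", s, v.Allowed, v.Reason)
	}
}
```

The check rejects by default and names the reason, which is what you want to log when a refused redirect_to value shows up in request logs: a burst of refused foreign-origin targets against the mobile_login endpoint is a useful detection signal for phishing attempts against a patched deployment.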
