2023-11-27 09:12:52
Mattermost
PUBLISHED
Mattermost fails to properly check a redirect URL parameter allowing for anĀ open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=