Описание
Mattermost Open Redirect vulnerability
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-9072
- https://github.com/mattermost/mattermost/commit/13cd76009d31754db46115bddef5287a8a29871a
- https://github.com/mattermost/mattermost/commit/9eebaadf8f720788e99b6997337c8df330271326
- https://github.com/mattermost/mattermost/commit/fda403fb6ec41bea8780bff198a26860f105e6e5
- https://mattermost.com/security-updates
Пакеты
github.com/mattermost/mattermost-server
>= 10.10.0, < 10.10.2
10.10.2
github.com/mattermost/mattermost-server
>= 10.5.0, < 10.5.10
10.5.10
github.com/mattermost/mattermost-server
>= 10.9.0, < 10.9.5
10.9.5
github.com/mattermost/mattermost/server/v8
< 8.0.0-20250731063404-9eebaadf8f72
8.0.0-20250731063404-9eebaadf8f72
Связанные уязвимости
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL.
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10 ...
Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с переадресацией URL на ненадежный сайт, позволяющая нарушителю проводить фишинг-атаки