Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/mattermost/mattermost/server/v8(Go) | 0 | 8.0.0-202508080704-39bd251fe4f600 | N/A |
| github.com/mattermost/mattermost-server(Go) | 10.5.0 | 10.5.10 | N/A |
CVSS Metrics
