Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Inadequate validation of SSO redirect credentials permits credential theft
Vulnerability Description
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Mattermost Mobile Apps 安全漏洞
Vulnerability Description
Mattermost Mobile Apps是美国Mattermost公司的一款消息传递移动应用程序。 Mattermost Mobile Apps 2.32.0及之前版本存在安全漏洞,该漏洞源于未验证SSO重定向令牌来源,可能导致获取用户会话凭据。
CVSS Information
N/A
Vulnerability Type
N/A