905851 – (CVE-2023-2000, MMSA-2023-00142) <net-im/mattermost-desktop-bin-5.3.0: arbitrary redirect

Bug 905851 (CVE-2023-2000, MMSA-2023-00142) - <net-im/mattermost-desktop-bin-5.3.0: arbitrary redirect

Summary: <net-im/mattermost-desktop-bin-5.3.0: arbitrary redirect

Status:	RESOLVED FIXED

Alias:	CVE-2023-2000, MMSA-2023-00142

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://mattermost.com/security-updates
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2023-05-07 03:56 UTC by John Helmert III
Modified:	2023-05-23 04:32 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-05-07 03:56:14 UTC

CVE-2023-2000:

Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website

Please cleanup, thanks!

Comment 1 Larry the Git Cow gentoo-dev

2023-05-07 06:59:55 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11e614b833b270fabe1bdf5f9986dbcdea3bc717

commit 11e614b833b270fabe1bdf5f9986dbcdea3bc717
Author:     Viorel Munteanu <ceamac@gentoo.org>
AuthorDate: 2023-05-07 06:57:43 +0000
Commit:     Viorel Munteanu <ceamac@gentoo.org>
CommitDate: 2023-05-07 06:57:43 +0000

    net-im/mattermost-desktop-bin: drop 5.2.2
    
    Bug: https://bugs.gentoo.org/905851
    Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>

 net-im/mattermost-desktop-bin/Manifest             |  2 -
 .../mattermost-desktop-bin-5.2.2.ebuild            | 91 ----------------------
 2 files changed, 93 deletions(-)

Comment 2 John Helmert III archtester

2023-05-23 04:32:29 UTC

Thanks! All done.