CVE-2023-2000

Severity
5.4 MEDIUM
EPSS
0.2%
top 57.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 2
Latest update: Oct 22

Description

Mattermost Desktop App fails to validate a Mattermost server redirection and navigates to an arbitrary website.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages: 2 packages

CVEListV5 mattermost/mattermost 5.2.2

🔴Vulnerability Details

3
OSV
ring-buffer: Do not swap cpu_buffer during resize process (2025-10-22)
GHSA
GHSA-c2w9-hhfq-2xq9: Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website (2023-07-06)
CVEList
Unrestricted navigation due to unvalidated mattermost server redirection (2023-05-02)

💥Exploits & PoCs

1
Exploit-DB
Media Library Assistant Wordpress Plugin - RCE and LFI (2023-10-09)

📋Vendor Advisories

19
Chrome
Stable Channel Update for Desktop: CVE-2025-0440 (2025-01-14)
Chrome
Stable Channel Update for Desktop: CVE-2024-3845 (2024-04-16)
Chrome
Stable Channel Update for Desktop: CVE-2024-2629 (2024-03-19)
Chrome
Stable Channel Update for Desktop: CVE-2023-6510 (2023-12-05)
Chrome
Stable Channel Update for Desktop: CVE-2023-5485 (2023-10-10)