Mattermost SAML Redirect Vulnerability Leading to Cookie Theft

Vulnerability

A vulnerability exists in Mattermost versions 10.10.x up to and including 10.10.1, 10.5.x up to and including 10.5.9, and 10.9.x up to and including 10.9.4. These versions fail to properly validate the redirect_to parameter, so an attacker can craft a login link whose redirect target points at a host the attacker controls. When a user who follows such a link authenticates via SAML, the user's cookies are sent to the attacker-controlled URL.
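The root cause is an open redirect on a parameter that is consumed after authentication. The validator below is an added illustration, not Mattermost's code and not the vendor's fix: it shows the check a post-login redirect_to value needs, namely that the target stays on the configured site URL (same scheme and host, path under the site's base path), with the browser normalisation tricks that turn an apparently relative path into a cross-origin URL (protocol-relative "//host", backslashes, "///host", userinfo, scheme-only "https:/host") rejected explicitly. The function name safeRedirect and the site URL values are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeRedirect reports whether a user-supplied redirect_to value may be used
// as a post-login redirect target. Hypothetical validator for illustration;
// not Mattermost's code. Policy: the target must resolve to the configured
// site URL (same scheme, same host) and sit under the site's base path.
func safeRedirect(siteURL, redirectTo string) bool {
	if redirectTo == "" {
		return false
	}
	site, err := url.Parse(siteURL)
	if err != nil || site.Scheme == "" || site.Host == "" {
		return false
	}
	// Browsers treat "\" like "/" and strip ASCII control characters, so
	// "/\evil.example" or "/\t/evil.example" resolve to //evil.example.
	// Reject those bytes up front instead of reproducing that normalisation.
	// Spaces must arrive percent-encoded, so they are rejected too.
	for _, r := range redirectTo {
		if r <= 0x20 || r == 0x7f || r == '\\' {
			return false
		}
	}
	u, err := url.Parse(redirectTo)
	if err != nil {
		return false
	}
	// Opaque forms ("javascript:alert(1)", "mailto:x") and userinfo tricks
	// ("https://chat.example.com@evil.example/") are never valid targets.
	if u.Opaque != "" || u.User != nil {
		return false
	}
	if u.Scheme != "" || u.Host != "" {
		// Absolute ("https://host/..."), protocol-relative ("//host/...") or
		// scheme-only ("https:/host") form: require an exact scheme and host
		// match. Protocol-relative input fails here because its scheme is "".
		if !strings.EqualFold(u.Scheme, site.Scheme) || !strings.EqualFold(u.Host, site.Host) {
			return false
		}
	}
	p := u.Path
	if p == "" && u.Host != "" {
		p = "/" // "https://chat.example.com" with no path means the root
	}
	// Require absolute-path form so the value cannot resolve relative to the
	// current page, and refuse a leading "//": Go keeps "///evil.example" as a
	// path, but browsers collapse the slashes into a new authority.
	if !strings.HasPrefix(p, "/") || strings.HasPrefix(p, "//") {
		return false
	}
	// When the site is served under a base path, stay underneath it.
	basePath := strings.TrimSuffix(site.Path, "/")
	if basePath != "" && p != basePath && !strings.HasPrefix(p, basePath+"/") {
		return false
	}
	return true
}

func main() {
	const site = "https://chat.example.com" // assumed site URL
	for _, in := range []string{
		"/channels/town-square",
		"https://chat.example.com/channels/town-square",
		"//evil.example/",
		"/\\evil.example",
		"///evil.example",
		"https:/evil.example",
		"https://chat.example.com@evil.example/",
		"javascript:alert(1)",
	} {
		fmt.Printf("%-48q -> %v\n", in, safeRedirect(site, in))
	}
}
```

An allow-list of this shape is preferable to a deny-list of known bad prefixes: every branch above rejects by default and only the same-origin case returns true, so a parsing corner the author did not think of fails closed rather than open.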

Impact

Exploitation of this vulnerability allows theft of the victim's cookies, which can then be used to hijack the victim's session.

Remediation

Users can upgrade to Mattermost versions 10.11.0, 10.10.2, 10.5.10, or 10.9.5 to address this vulnerability.

Added: Sep 15, 2025, 11:17 AM
Updated: Sep 15, 2025, 10:07 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 5.8
exploitability: 6.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.