CWE-601
AllowedURL Redirection to Untrusted Site ('Open Redirect')
Abstraction: Base · Status: Draft
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
2310 vulnerabilities reference this CWE, most recent first.
CVE-2024-8555 (GCVE-0-2024-8555)
Vulnerability from cvelistv5 – Published: 2024-09-07 14:31 – Updated: 2024-09-09 15:13- CWE-601 - Open Redirect
| URL | Tags |
|---|---|
| https://vuldb.com/?id.276774 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.276774 | signaturepermissions-required |
| https://vuldb.com/?submit.402386 | third-party-advisory |
| https://github.com/gurudattch/CVEs/blob/main/Sour… | exploit |
| https://www.sourcecodester.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Clinics Patient Management System |
Affected:
2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T15:13:39.522776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T15:13:49.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Clinics Patient Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "guru (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in SourceCodester Clinics Patient Management System 2.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei congratulations.php. Durch die Manipulation des Arguments goto_page mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-07T14:31:04.341Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276774 | SourceCodester Clinics Patient Management System congratulations.php redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276774"
},
{
"name": "VDB-276774 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276774"
},
{
"name": "Submit #402386 | SourceCodester Clinics Patient Management System 2.0 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.402386"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic\u0027s-Patient-Management-System-Open-Redirect.md"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-06T23:27:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Clinics Patient Management System congratulations.php redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8555",
"datePublished": "2024-09-07T14:31:04.341Z",
"dateReserved": "2024-09-06T21:22:40.504Z",
"dateUpdated": "2024-09-09T15:13:49.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8527 (GCVE-0-2024-8527)
Vulnerability from cvelistv5 – Published: 2025-11-19 13:17 – Updated: 2025-11-19 16:05- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| Vendor | Product | Version | |
|---|---|---|---|
| Automated Logic | WebCtrl |
Affected:
6.0 , ≤ 9.0
(semver)
|
|
| Carrier | i-Vu |
Affected:
6.0 , ≤ 9.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:04:40.466031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:05:46.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WebCtrl",
"vendor": "Automated Logic",
"versions": [
{
"lessThanOrEqual": "9.0",
"status": "affected",
"version": "6.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "i-Vu",
"vendor": "Carrier",
"versions": [
{
"lessThanOrEqual": "9.0",
"status": "affected",
"version": "6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jaryl Low"
},
{
"lang": "en",
"type": "finder",
"value": "Thuy D. Nguyen"
},
{
"lang": "en",
"type": "finder",
"value": "Cynthia E. Irvine"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions."
}
],
"value": "Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T13:17:01.911Z",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu. \u0026nbsp;\n\n\u003cbr\u003e"
}
],
"value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2024-8527",
"datePublished": "2025-11-19T13:17:01.911Z",
"dateReserved": "2024-09-06T16:01:32.884Z",
"dateUpdated": "2025-11-19T16:05:46.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8526 (GCVE-0-2024-8526)
Vulnerability from cvelistv5 – Published: 2024-11-21 15:29 – Updated: 2024-11-21 17:38 Unsupported When Assigned- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| URL | Tags |
|---|---|
| https://www.corporate.carrier.com/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-advisories/ | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Automated Logic, a Carrier company | WebCTRL |
Affected:
7.0
|
|
| Carrier | i-Vu |
Affected:
7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T17:38:21.418183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T17:38:33.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebCTRL",
"vendor": "Automated Logic, a Carrier company",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "i-Vu",
"vendor": "Carrier",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously\ncrafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection\nof the user to a malicious webpage via \"index.jsp\""
}
],
"value": "A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously\ncrafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection\nof the user to a malicious webpage via \"index.jsp\""
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:29:55.681Z",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue was fixed at version 8.0. It is recommended that customers upgrade their software to the latest supported version."
}
],
"value": "This issue was fixed at version 8.0. It is recommended that customers upgrade their software to the latest supported version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Automated Logic WebCTRL and Carrier i-Vu Open Redirect",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2024-8526",
"datePublished": "2024-11-21T15:29:55.681Z",
"dateReserved": "2024-09-06T16:01:31.447Z",
"dateUpdated": "2024-11-21T17:38:33.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8412 (GCVE-0-2024-8412)
Vulnerability from cvelistv5 – Published: 2024-09-04 15:31 – Updated: 2024-09-04 15:43- CWE-601 - Open Redirect
| URL | Tags |
|---|---|
| https://vuldb.com/?id.276492 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.276492 | signaturepermissions-required |
| https://vuldb.com/?submit.400792 | third-party-advisory |
| https://github.com/LinuxOSsk/Shakal-NG/issues/202 | issue-tracking |
| https://github.com/LinuxOSsk/Shakal-NG/issues/202… | issue-tracking |
| https://github.com/LinuxOSsk/Shakal-NG/commit/ebd… | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T15:43:41.630977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T15:43:55.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Shakal-NG",
"vendor": "LinuxOSsk",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zihe (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in LinuxOSsk Shakal-NG bis 1.3.3 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei comments/views.py. Durch das Manipulieren des Arguments next mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als ebd1c2cba59cbac198bf2fd5a10565994d4f02cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T15:31:04.200Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276492 | LinuxOSsk Shakal-NG views.py redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276492"
},
{
"name": "VDB-276492 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276492"
},
{
"name": "Submit #400792 | LinuxOSsk Shakal-NG 1.3.3 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.400792"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/LinuxOSsk/Shakal-NG/issues/202"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/LinuxOSsk/Shakal-NG/issues/202#issuecomment-2325187434"
},
{
"tags": [
"patch"
],
"url": "https://github.com/LinuxOSsk/Shakal-NG/commit/ebd1c2cba59cbac198bf2fd5a10565994d4f02cb"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-04T10:48:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "LinuxOSsk Shakal-NG views.py redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8412",
"datePublished": "2024-09-04T15:31:04.200Z",
"dateReserved": "2024-09-04T08:43:35.617Z",
"dateUpdated": "2024-09-04T15:43:55.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8148 (GCVE-0-2024-8148)
Vulnerability from cvelistv5 – Published: 2024-10-04 17:11 – Updated: 2025-04-10 19:11- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| Vendor | Product | Version | |
|---|---|---|---|
| Esri | Portal for ArcGIS |
Affected:
all , ≤ 11.2
(all)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T19:50:26.296315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T19:51:03.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Portal for ArcGIS",
"vendor": "Esri",
"versions": [
{
"lessThanOrEqual": "11.2",
"status": "affected",
"version": "all",
"versionType": "all"
}
]
}
],
"datePublic": "2024-10-04T17:11:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks."
}
],
"value": "There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks."
}
],
"impacts": [
{
"capecId": "CAPEC-543",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-543 Counterfeit Websites"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T19:11:58.566Z",
"orgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
"shortName": "Esri"
},
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/"
}
],
"source": {
"defect": [
"BUG-000168624"
],
"discovery": "UNKNOWN"
},
"title": "BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1. and 10.8.1)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
"assignerShortName": "Esri",
"cveId": "CVE-2024-8148",
"datePublished": "2024-10-04T17:11:43.279Z",
"dateReserved": "2024-08-25T00:40:14.944Z",
"dateUpdated": "2025-04-10T19:11:58.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8021 (GCVE-0-2024-8021)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-03-20 13:11- CWE-601 - URL Redirection to Untrusted Site
| Vendor | Product | Version | |
|---|---|---|---|
| gradio-app | gradio-app/gradio |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T13:11:00.429202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:11:17.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/adc23067-ec04-47ef-9265-afd452071888"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gradio-app/gradio",
"vendor": "gradio-app",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an attacker-controlled site."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T10:11:13.192Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/adc23067-ec04-47ef-9265-afd452071888"
}
],
"source": {
"advisory": "adc23067-ec04-47ef-9265-afd452071888",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in gradio-app/gradio"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-8021",
"datePublished": "2025-03-20T10:11:13.192Z",
"dateReserved": "2024-08-20T17:33:25.137Z",
"dateUpdated": "2025-03-20T13:11:17.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7941 (GCVE-0-2024-7941)
Vulnerability from cvelistv5 – Published: 2024-08-27 12:57 – Updated: 2024-08-27 13:12- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA SYS600 |
Affected:
10.0 , ≤ 10.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T13:12:50.479278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T13:12:59.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An HTTP parameter may contain a URL value and could cause\nthe web application to redirect the request to the specified URL.\nBy modifying the URL value to a malicious site, an attacker may\nsuccessfully launch a phishing scam and steal user credentials."
}
],
"value": "An HTTP parameter may contain a URL value and could cause\nthe web application to redirect the request to the specified URL.\nBy modifying the URL value to a malicious site, an attacker may\nsuccessfully launch a phishing scam and steal user credentials."
}
],
"impacts": [
{
"capecId": "CAPEC-98",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-98 Phishing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T12:57:55.044Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-7941",
"datePublished": "2024-08-27T12:57:55.044Z",
"dateReserved": "2024-08-19T14:56:28.496Z",
"dateUpdated": "2024-08-27T13:12:59.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7902 (GCVE-0-2024-7902)
Vulnerability from cvelistv5 – Published: 2024-08-17 22:00 – Updated: 2024-08-19 13:44- CWE-601 - Open Redirect
| URL | Tags |
|---|---|
| https://vuldb.com/?id.274910 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.274910 | signaturepermissions-required |
| https://vuldb.com/?submit.388216 | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:44:12.621757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:44:20.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ojs",
"vendor": "pkp",
"versions": [
{
"status": "affected",
"version": "3.4.0-6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "KaioGomes (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in pkp ojs bis 3.4.0-6 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /login/signOut. Durch das Beeinflussen des Arguments source mit der Eingabe .example.com mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-17T22:00:04.738Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-274910 | pkp ojs signOut redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.274910"
},
{
"name": "VDB-274910 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.274910"
},
{
"name": "Submit #388216 | Open Journal Systems Latest Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.388216"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-16T23:21:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "pkp ojs signOut redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7902",
"datePublished": "2024-08-17T22:00:04.738Z",
"dateReserved": "2024-08-16T21:14:31.836Z",
"dateUpdated": "2024-08-19T13:44:20.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7428 (GCVE-0-2024-7428)
Vulnerability from cvelistv5 – Published: 2024-08-23 17:05 – Updated: 2024-08-23 18:58- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText™ | Network Node Manager i (NNMi) |
Affected:
2022.11
Affected: 2023.05 Affected: 23.4 Affected: 24.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T18:57:53.167257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T18:58:01.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Network Node Manager i (NNMi)",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "2022.11"
},
{
"status": "affected",
"version": "2023.05"
},
{
"status": "affected",
"version": "23.4"
},
{
"status": "affected",
"version": "24.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in OpenText\u2122 Network Node Manager i (NNMi) allows URL Redirector Abuse.\u003cp\u003eThis issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.\u003c/p\u003e"
}
],
"value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in OpenText\u2122 Network Node Manager i (NNMi) allows URL Redirector Abuse.This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2."
}
],
"impacts": [
{
"capecId": "CAPEC-371",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-371 URL Redirector Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/S:N/AU:N/R:A/V:C/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T17:05:35.345Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000033015?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000033015?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000033015?language=en_US\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://portal.microfocus.com/s/article/KM000033015?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential Open Redirect issues affect OpenText\u2122 Network Node Manager i (NNMi).",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-7428",
"datePublished": "2024-08-23T17:05:35.345Z",
"dateReserved": "2024-08-02T16:13:38.307Z",
"dateUpdated": "2024-08-23T18:58:01.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7312 (GCVE-0-2024-7312)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:28 – Updated: 2024-09-11 19:32- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| URL | Tags |
|---|---|
| https://docs.payara.fish/enterprise/docs/5.67.0/R… | release-notes |
| https://docs.payara.fish/enterprise/docs/Release%… | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Payara Platform | Payara Server |
Affected:
6.0.0 , < 6.18.0
(semver)
Affected: 6.2022.1 , < 6.2024.9 (semver) Affected: 5.2020.2 , < 5.2022.5 (semver) Affected: 5.20.0 , < 5.67.0 (semver) Affected: 4.1.2.191.0 , < 4.1.2.191.50 (custom) |
|
| payara | payara |
Affected:
6.0.0 , < 6.18.0
(semver)
Affected: 6.2022.1 , < 6.2024.6 (semver) Affected: 5.2020.2 , < 5.2022.5 (semver) Affected: 4.1.2.191.0 , < 4.1.2.191.50 (semver) cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unknown",
"product": "payara",
"vendor": "payara",
"versions": [
{
"lessThan": "6.18.0",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThan": "6.2024.6",
"status": "affected",
"version": "6.2022.1",
"versionType": "semver"
},
{
"lessThan": "5.2022.5",
"status": "affected",
"version": "5.2020.2",
"versionType": "semver"
},
{
"lessThan": "4.1.2.191.50",
"status": "affected",
"version": "4.1.2.191.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:12:12.528111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:15:38.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"REST Management Interface"
],
"product": "Payara Server",
"vendor": "Payara Platform",
"versions": [
{
"lessThan": "6.18.0",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThan": "6.2024.9",
"status": "affected",
"version": "6.2022.1",
"versionType": "semver"
},
{
"lessThan": "5.2022.5",
"status": "affected",
"version": "5.2020.2",
"versionType": "semver"
},
{
"lessThan": "5.67.0",
"status": "affected",
"version": "5.20.0",
"versionType": "semver"
},
{
"lessThan": "4.1.2.191.50",
"status": "affected",
"version": "4.1.2.191.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.\u003cp\u003eThis issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.\u003c/p\u003e"
}
],
"value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T19:32:42.844Z",
"orgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8",
"shortName": "Payara"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html"
}
],
"source": {
"discovery": "UPSTREAM"
},
"title": "REST Interface Link Redirection via Host parameter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8",
"assignerShortName": "Payara",
"cveId": "CVE-2024-7312",
"datePublished": "2024-09-11T15:28:43.452Z",
"dateReserved": "2024-07-30T20:07:31.604Z",
"dateUpdated": "2024-09-11T19:32:42.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- Use a list of approved URLs or domains to be used for redirection.
Mitigation
Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page.
Mitigation MIT-21.2
Strategy: Enforcement by Conversion
- When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
- For example, ID 1 could map to "/login.asp" and ID 2 could map to "http://www.example.com/". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability.
Mitigation
Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).
Mitigation MIT-6
Strategy: Attack Surface Reduction
- Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
- Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-178: Cross-Site Flashing
An attacker is able to trick the victim into executing a Flash document that passes commands or calls to a Flash player browser plugin, allowing the attacker to exploit native Flash functionality in the client browser. This attack pattern occurs where an attacker can provide a crafted link to a Flash document (SWF file) which, when followed, will cause additional malicious instructions to be executed. The attacker does not need to serve or control the Flash document. The attack takes advantage of the fact that Flash files can reference external URLs. If variables that serve as URLs that the Flash application references can be controlled through parameters, then by creating a link that includes values for those parameters, an attacker can cause arbitrary content to be referenced and possibly executed by the targeted Flash application.