exploitDog

GHSA-4hr2-xf7w-jf76

Published: 04 Dec 2025
Source: github
GitHub: Reviewed
CVSS3: 6.1

Description

Central Dogma's Login Function Has an Open Redirect Vulnerability

Impact

Successful exploitation of this vulnerability could allow an attacker to craft a malicious link that, when clicked by a victim, redirects them to a phishing website designed to mimic the legitimate Central Dogma login page. This could result in the compromise of user accounts and unauthorized access to the Central Dogma instance.

Patches

This vulnerability is addressed and resolved in Central Dogma version 0.78.0. The server operators who run Central Dogma server with Shiro authentication are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the open redirect vulnerability.

Workarounds

Implement AuthProvider to override webLoginService().
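Whatever login service replaces the vulnerable one, the core of the fix for CWE-601 is the same: the post-login redirect target taken from the request must be validated before the server emits a Location header. The following is an added, generic example of that check in Python; it is not Central Dogma's code and does not use its AuthProvider API. The allow-listed host name and the sample inputs are constructed for the example.

```python
"""Validate a post-login redirect target (mitigation for CWE-601, open redirect)."""
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts this application is served from (constructed for the example).
ALLOWED_HOSTS = frozenset({"dogma.example.internal"})
DEFAULT_LANDING = "/"


def safe_redirect_target(raw: Optional[str],
                         allowed_hosts: Iterable[str] = ALLOWED_HOSTS,
                         default: str = DEFAULT_LANDING) -> str:
    """Return `raw` if it is a same-origin absolute path or an https URL to an
    allow-listed host; otherwise return `default` so the client never leaves the site."""
    if not raw:
        return default
    candidate = raw.strip()
    allowed = {h.lower() for h in allowed_hosts}

    # Control characters can make browsers and servers parse the URL differently.
    if any(ord(c) < 0x20 or c == "\x7f" for c in candidate):
        return default

    # Browsers treat a backslash in the authority position like a slash, so
    # "/\evil.example" and "\\evil.example" are protocol-relative URLs in disguise.
    if candidate.startswith(("//", "/\\", "\\")):
        return default

    try:
        parts = urlsplit(candidate)
        hostname = parts.hostname   # may raise on malformed IPv6 literals
    except ValueError:
        return default

    if parts.scheme or parts.netloc:
        # Absolute URL: only https to an allow-listed host, with no userinfo
        # (rejects "https://dogma.example.internal@evil.example/").
        if parts.scheme.lower() != "https":
            return default
        if hostname is None or hostname.lower() not in allowed:
            return default
        if parts.username or parts.password:
            return default
        return candidate

    # Relative reference: require an absolute path on this origin.
    if not candidate.startswith("/"):
        return default
    return candidate


def build_login_redirect(return_to: Optional[str]) -> dict:
    """Simulate the response a login handler would send after authentication:
    a 302 whose Location is the validated target, never the raw parameter."""
    return {"status": 302, "headers": {"Location": safe_redirect_target(return_to)}}


if __name__ == "__main__":
    # Constructed sample inputs: legitimate paths beside typical open-redirect payloads.
    for sample in ("/projects/foo", "//evil.example/login", "/\\evil.example",
                   "https://evil.example/login", "https://dogma.example.internal/projects",
                   "javascript:alert(1)", "https://dogma.example.internal@evil.example/"):
        print(f"{sample!r:50} -> {build_login_redirect(sample)['headers']['Location']}")
```

The allow-list approach is deliberate: trying to deny known-bad patterns (blocking "http://", "//", and so on) is what leaves bypasses such as backslash or userinfo tricks open, whereas accepting only same-origin paths and explicitly listed hosts fails closed to the landing page.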

References

Packages

Name

com.linecorp.centraldogma:centraldogma-server-auth-shiro

maven

Affected versions: < 0.78.0
Fixed version: 0.78.0

EPSS

Percentile: 9%
0.00033
Low

6.1 Medium

CVSS3

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 6.1
nvd
2 months ago

Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to untrusted sites via specially crafted URLs, potentially facilitating phishing attacks and credential theft.

EPSS

Percentile: 9%
0.00033
Low

6.1 Medium

CVSS3

Weaknesses

CWE-601