Published: 08 Jul 2024
Source: github
GitHub: Reviewed
CVSS4: 6.3
CVSS3: 6.5
Description
Khoj Open Redirect Vulnerability in Login Page
Summary
An attacker can use the next parameter on the login page to redirect a victim to a malicious page, while masking this behind a legitimate-looking app.khoj.dev URL.
For example, https://app.khoj.dev/login?next=//example.com will redirect to the https://example.com page.
Details
The problem seems to be in this method: https://github.com/khoj-ai/khoj/blob/2667ef45449eb408ce1d7c393be04845be31e15f/src/khoj/routers/auth.py#L95
PoC
Open the https://app.khoj.dev/login?next=//example.com URL in a Gecko-based browser (Firefox).
Impact
The impact is low, and this could only be used in phishing attempts, but it is still a problem.
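One way to validate a `next` value before redirecting, as an added example (not Khoj's code and not the fix shipped in 1.14.0). The function names, the default target `/` and the sample path `/some/page` are assumptions:

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_TARGET = "/"  # assumed post-login landing path


def safe_next_path(next_url, default=DEFAULT_TARGET):
    """Return next_url only if it is a path on the current origin, else default."""
    if not next_url:
        return default
    # Browsers drop tab/CR/LF from URLs and treat "\" as "/", so a value
    # containing them may not mean what the server-side parser thinks it means.
    if any(ord(ch) < 0x20 or ch == "\\" for ch in next_url):
        return default
    # Exactly one leading slash: "//host" is a scheme-relative URL, which is
    # how //example.com ends up at https://example.com.
    if not next_url.startswith("/") or next_url.startswith("//"):
        return default
    try:
        parts = urlsplit(next_url)
    except ValueError:
        return default
    # A same-origin path never carries a scheme or a host.
    if parts.scheme or parts.netloc:
        return default
    return next_url


def login_redirect_target(login_url):
    """Extract `next` from a login URL and return the validated redirect target."""
    query = urlsplit(login_url).query
    values = parse_qs(query).get("next", [])
    return safe_next_path(values[0] if values else None)


if __name__ == "__main__":
    # Constructed sample inputs; the first is the URL from the advisory.
    samples = [
        "https://app.khoj.dev/login?next=//example.com",
        "https://app.khoj.dev/login?next=https://example.com/",
        "https://app.khoj.dev/login?next=/some/page%3Ftab%3D1",
        "https://app.khoj.dev/login",
    ]
    for url in samples:
        print(f"{url} -> {login_redirect_target(url)}")
```

Only the last two samples keep a caller-influenced target; every value that could leave the origin falls back to the default path.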
Packages
Name: khoj-assistant (pip)
Affected versions: < 1.14.0
Fixed version: 1.14.0
CVSS4: 6.3 Medium
CVSS3: 6.5 Medium
Weaknesses: CWE-601