Описание
The Identity Server used by 1E Platform could enable URL redirection to untrusted sites. Note: The Identity Server on 1E Platform has been updated with the necessary patch.
The Identity Server used by 1E Platform could enable URL redirection to untrusted sites. Note: The Identity Server on 1E Platform has been updated with the necessary patch.
Связанные уязвимости
CVSS3: 4.7
nvd
больше 1 года назад
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.