Description
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
References
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 9.1 (inclusive)
One of
cpe:2.3:a:blackboard:blackboard_learn:*:*:*:*:*:*:*:*
cpe:2.3:a:blackboard:blackboard_learn:9.1:q2_2016:*:*:*:*:*:*
cpe:2.3:a:blackboard:blackboard_learn:9.1:q2_2017:*:*:*:*:*:*
cpe:2.3:a:blackboard:blackboard_learn:9.1:q4_2015:*:*:*:*:*:*
cpe:2.3:a:blackboard:blackboard_learn:9.1:q4_2016:*:*:*:*:*:*
cpe:2.3:a:blackboard:blackboard_learn:9.1:q4_2017:*:*:*:*:*:*
EPSS: 0.00278 (Low), percentile: 51%
CVSS3: 6.1 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 6.1
github
more than 3 years ago
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.