CVE-2017-7266

Опубликовано: 26 мар. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.

Ссылки

http://www.securityfocus.com/bid/97088
https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
Patch
Third Party Advisory
https://github.com/Netflix/security_monkey/pull/482
Third Party Advisory
https://github.com/Netflix/security_monkey/releases/tag/v0.8.0
Release Notes
Third Party Advisory
http://www.securityfocus.com/bid/97088
https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
Patch
Third Party Advisory
https://github.com/Netflix/security_monkey/pull/482
Third Party Advisory
https://github.com/Netflix/security_monkey/releases/tag/v0.8.0
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netflix:security_monkey:*:*:*:*:*:*:*:*

Версия до 0.7.0 (включая)

EPSS

Процентиль: 47%

0.00244

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-j6jq-3q8p-xgg6