Описание
A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
Ссылки
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 1.4 (исключая)Версия до 1.9.3 (исключая)Версия до 1.10.1 (исключая)Версия до 1.10.2 (исключая)Версия до 3.7 (исключая)Версия до 3.9 (исключая)
Одно из
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:chrome_os:*:*
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:android:*:*
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*
EPSS
Процентиль: 30%
0.00111
Низкий
8.2 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-1287
CWE-601
Связанные уязвимости
CVSS3: 8.2
github
больше 2 лет назад
A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
EPSS
Процентиль: 30%
0.00111
Низкий
8.2 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-1287
CWE-601