CVE-2024-21497

Опубликовано: 17 фев. 2024

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.

Ссылки

https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
Mitigation
Third Party Advisory
https://github.com/greenpau/caddy-security/issues/268
Issue Tracking
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861
Third Party Advisory
https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
Mitigation
Third Party Advisory
https://github.com/greenpau/caddy-security/issues/268
Issue Tracking
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:greenpau:caddy-security:*:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00097

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-8hp3-rmr7-xh88

CVSS3: 5.4

github

почти 2 года назад

Open Redirect in github.com/greenpau/caddy-security

EPSS

Процентиль: 27%

0.00097

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601