Description
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.
A flaw was found in django-allauth. This open redirect vulnerability exists when Security Assertion Markup Language (SAML) Identity Provider (IdP) initiated Single Sign-On (SSO) is enabled, which is disabled by default. A remote attacker could exploit this by crafting a malicious URL, potentially redirecting users to an arbitrary external website. This could lead to information disclosure or phishing attacks.
Statement
MODERATE: This open redirect vulnerability in django-allauth affects systems where SAML IdP initiated SSO is explicitly enabled. By default, SAML IdP initiated SSO is disabled, which limits the exposure for Red Hat products. Systems with the default configuration are not affected.
Mitigation
To mitigate this vulnerability, ensure that SAML IdP initiated SSO is disabled in django-allauth. The feature is disabled by default, so no action is required if the default configuration has been maintained. If SAML IdP initiated SSO was previously enabled, disable it in your django-allauth configuration, or upgrade to django-allauth 65.14.1 or later, the release the description names as containing the fix.
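The following audit script is an added example, not code from django-allauth or from the advisory. It checks the two facts the advisory turns on: whether the installed version is at or past the fixed release (65.14.1) and whether any SAML app defined in the Django `SOCIALACCOUNT_PROVIDERS` setting has opted in to IdP-initiated SSO. It assumes, from memory of the allauth SAML provider documentation, that the switch lives under each app's `settings["advanced"]["reject_idp_initiated_sso"]` key with a default of `True`; verify that key against the documentation for your installed version, and note that apps stored in the database (`SocialApp` rows) are not covered. The sample settings dictionary is constructed for the example and does not describe a real deployment.

```python
"""Audit django-allauth settings for the SAML IdP-initiated SSO open redirect.

Two independent checks, combined in audit():
  1. is the installed allauth version at or past the fixed release 65.14.1?
  2. does any SAML app in SOCIALACCOUNT_PROVIDERS accept IdP-initiated SSO?
A deployment is affected only if the answer is "no" to (1) and "yes" to (2).
"""
import re

FIXED_VERSION = "65.14.1"  # fixed release named in the advisory

# Assumption (verify against your installed allauth docs): the per-app
# switch is settings["advanced"]["reject_idp_initiated_sso"], default True,
# i.e. IdP-initiated SSO is rejected unless a deployment sets it to False.
ADVANCED_KEY = "advanced"
REJECT_KEY = "reject_idp_initiated_sso"


def parse_version(version):
    """Parse 'MAJOR.MINOR[.PATCH][suffix]' into a comparable tuple.

    A non-empty suffix such as 'rc1' or 'a2' marks a pre-release, which must
    sort below the final release with the same numbers, so the last tuple
    element is 0 for pre-releases and 1 for finals.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if suffix else 1)


def is_fixed_version(installed):
    """True if the installed version is 65.14.1 or later."""
    return parse_version(installed) >= parse_version(FIXED_VERSION)


def saml_apps_accepting_idp_initiated_sso(socialaccount_providers):
    """Return the names of SAML apps that explicitly set the reject switch to
    False. Apps without the key keep the library default (True) and are not
    reported."""
    exposed = []
    saml = socialaccount_providers.get("saml", {})
    for app in saml.get("APPS", []):
        advanced = app.get("settings", {}).get(ADVANCED_KEY, {})
        if advanced.get(REJECT_KEY, True) is False:
            exposed.append(app.get("name") or app.get("provider_id", "<unnamed>"))
    return exposed


def audit(socialaccount_providers, installed_version):
    """Combine both checks into one verdict."""
    exposed = saml_apps_accepting_idp_initiated_sso(socialaccount_providers)
    fixed = is_fixed_version(installed_version)
    return {
        "fixed_version": fixed,
        "exposed_apps": exposed,
        "affected": (not fixed) and bool(exposed),
    }


# Constructed sample settings (not a real deployment): one SAML app that has
# opted in to IdP-initiated SSO and one left on the library default.
SAMPLE_SOCIALACCOUNT_PROVIDERS = {
    "saml": {
        "APPS": [
            {
                "provider_id": "corp-idp",
                "name": "Corp IdP",
                "client_id": "corp",
                "settings": {
                    "idp": {"entity_id": "https://idp.example/metadata"},
                    "sp": {"entity_id": "https://app.example/accounts/saml/corp/metadata/"},
                    "advanced": {"reject_idp_initiated_sso": False},  # exposed
                },
            },
            {
                "provider_id": "partner-idp",
                "name": "Partner IdP",
                "client_id": "partner",
                "settings": {
                    "idp": {"entity_id": "https://partner.example/metadata"},
                    "sp": {"entity_id": "https://app.example/accounts/saml/partner/metadata/"},
                    # no "advanced" block: default keeps IdP-initiated SSO rejected
                },
            },
        ]
    }
}

if __name__ == "__main__":
    # In a real project, import settings and pass settings.SOCIALACCOUNT_PROVIDERS
    # together with importlib.metadata.version("django-allauth").
    print(audit(SAMPLE_SOCIALACCOUNT_PROVIDERS, "65.13.0"))
```

Run it inside your Django environment with the real `SOCIALACCOUNT_PROVIDERS` and the version reported by `importlib.metadata.version("django-allauth")`; the version parser deliberately treats `65.14.1rc1` as older than `65.14.1`, which is the edge case a naive string comparison gets wrong.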
Additional information
Status:
CVSS3 base score: 4.3 (Medium)