Description
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
Release | Status | Note |
---|---|---|
bionic | released | 0.13.1-1ubuntu0.3 |
devel | released | 0.17.0-1ubuntu1 |
esm-apps/xenial | needed | |
esm-infra-legacy/trusty | DNE | |
esm-infra/bionic | not-affected | 0.13.1-1ubuntu0.3 |
esm-infra/focal | not-affected | 0.16.0-1ubuntu0.1 |
focal | released | 0.16.0-1ubuntu0.1 |
hirsute | released | 0.17.0-1ubuntu0.21.04.1 |
impish | released | 0.17.0-1ubuntu1 |
jammy | released | 0.17.0-1ubuntu1 |
CVSS3: 6.1 Medium