Unrated severityNVD Advisory· Published Sep 30, 2024· Updated Sep 30, 2024

Scout contains an Open Redirect on Login via `next`

CVE-2024-47530

Description

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.

Affected products

Clinical Genomics/Scoutv5
Range: < 4.89

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Clinical-Genomics/scout/commit/50055edfca9a7183b248019af97e1fb0b0065a02mitrex_refsource_MISC
github.com/Clinical-Genomics/scout/security/advisories/GHSA-3x45-2m34-x95vmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000