CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (835)
page 23 of 42

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12666 | — | Med | 0.33 | 6.1 | 0.01 |  | May 5, 2020 | macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. |
| CVE-2020-12283 | — | Med | 0.33 | 6.1 | 0.01 |  | Apr 30, 2020 | Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. |
| CVE-2019-6035 | — | Med | 0.33 | 6.1 | 0.01 |  | Dec 26, 2019 | Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. |
| CVE-2014-3652 | — | Med | 0.33 | 6.1 | 0.01 |  | Dec 15, 2019 | JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. |
| CVE-2019-19703 | — | Med | 0.33 | 6.1 | 0.01 |  | Dec 10, 2019 | In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. |
| CVE-2019-10372 |  | Med | 0.33 | 6.1 | 0.01 |  | Aug 7, 2019 | An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. |
| CVE-2019-10856 |  | Med | 0.33 | 6.1 | 0.01 |  | Apr 4, 2019 | In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. |
| CVE-2019-10255 |  | Med | 0.33 | 6.1 | 0.02 |  | Mar 28, 2019 | An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url… |
| CVE-2018-19790 | — | Med | 0.33 | 6.1 | 0.01 |  | Dec 18, 2018 | An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the… |
| CVE-2018-15178 | — | Med | 0.33 | 6.1 | 0.01 |  | Aug 8, 2018 | Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go. |
| CVE-2018-14474 |  | Med | 0.33 | 6.1 | 0.02 |  | Jul 20, 2018 | views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup. |
| CVE-2018-14381 | — | Med | 0.33 | 6.1 | 0.01 |  | Jul 18, 2018 | Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. |
| CVE-2018-11041 | — | Med | 0.33 | 6.1 | 0.01 |  | Jun 25, 2018 | Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page,… |
| CVE-2018-11408 | — | Med | 0.33 | 6.1 | 0.01 |  | Jun 13, 2018 | The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue… |
| CVE-2018-3743 | — | Med | 0.33 | 6.1 | 0.01 |  | Jun 1, 2018 | Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. |
| CVE-2015-8094 |  | Med | 0.33 | 6.1 | 0.02 |  | May 22, 2018 | Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. |
| CVE-2018-10101 |  | Med | 0.33 | 6.1 | 0.03 |  | Apr 16, 2018 | Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. |
| CVE-2018-10100 |  | Med | 0.33 | 6.1 | 0.03 |  | Apr 16, 2018 | Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. |
| CVE-2017-1000481 | — | Med | 0.33 | 6.1 | 0.01 |  | Jan 3, 2018 | When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on… |
| CVE-2015-6961 |  | Med | 0.33 | 6.1 | 0.01 |  | Oct 18, 2017 | Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout. |