CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (835)
page 33 of 42

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-21641 | | | 0.00 | — | 0.01 | | Jan 5, 2024 | Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to any link. For logged-in users, the… |
| CVE-2023-26159 | | — | 0.00 | — | 0.01 | | Jan 2, 2024 | Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this… |
| CVE-2023-49438 | | — | 0.00 | — | 0.01 | | Dec 26, 2023 | An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. |
| CVE-2023-6927 | | | 0.00 | — | 0.01 | | Dec 18, 2023 | A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. |
| CVE-2023-46750 | | — | 0.00 | — | 0.01 | | Dec 14, 2023 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. |
| CVE-2023-50771 | | | 0.00 | — | 0.01 | | Dec 13, 2023 | Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. |
| CVE-2023-42502 | | | 0.00 | — | 0.01 | | Nov 28, 2023 | An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. |
| CVE-2023-47168 | | | 0.00 | — | 0.00 | | Nov 27, 2023 | Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicked "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to= |
| CVE-2019-25155 | | — | 0.00 | — | 0.01 | | Oct 31, 2023 | DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. |
| CVE-2021-46898 | | — | 0.00 | — | 0.00 | | Oct 22, 2023 | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. |
| CVE-2018-25091 | | | 0.00 | — | 0.01 | | Oct 15, 2023 | urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in… |
| CVE-2023-39968 | | | 0.00 | — | 0.01 | | Aug 28, 2023 | jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter… |
| CVE-2023-41080 | | — | 0.00 | — | 0.06 | | Aug 25, 2023 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older,… |
| CVE-2022-45582 | | — | 0.00 | — | 0.01 | | Aug 22, 2023 | Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter. |
| CVE-2023-37947 | | | 0.00 | — | 0.00 | | Jul 12, 2023 | Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. |
| CVE-2023-35934 | | — | 0.00 | — | 0.01 | | Jul 6, 2023 | yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent… |
| CVE-2023-3515 | | | 0.00 | — | 0.00 | | Jul 5, 2023 | Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. |
| CVE-2023-35029 | | | 0.00 | — | 0.00 | | Jun 15, 2023 | Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPage… |
| CVE-2023-34247 | | | 0.00 | — | 0.00 | | Jun 13, 2023 | Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be… |
| CVE-2023-28370 | | | 0.00 | — | 0.01 | | May 25, 2023 | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. |
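Several entries above fail in the same way: a "leading slash" or "starts with /" filter (django-grappelli, Keystone) that a browser-resolvable protocol-relative `//host` or backslash variant walks past, and a scheme check that a custom app scheme (Mattermost) slips through. Two others are the client-side counterpart, where an HTTP client keeps forwarding `Authorization` or cookies across a cross-origin redirect (urllib3, yt-dlp). The following Python is an added example written for this page; it is not code from the CWE entry or from any of the projects listed. It places the naive check beside a hardened validator that applies the checks mature frameworks apply (Django's `url_has_allowed_host_and_scheme` is the reference point), and adds the origin comparison an HTTP client should make before re-sending credentials. The host names, URLs and function names are constructed for the example.

```python
"""Added example for CWE-601 (not from the CWE entry or any listed project).
Contrasts a naive 'local path' check of the kind CVE-2021-46898 describes
(startswith("/"), bypassed by //host) with a hardened validator, and adds the
client-side rule behind CVE-2018-25091 / CVE-2023-35934 (drop credentials on
a cross-origin redirect). Hosts and URLs below are constructed sample values."""
from __future__ import annotations

import unicodedata
from urllib.parse import urljoin, urlsplit


def naive_is_local(target: str) -> bool:
    """The weak check: accepts '//evil.example' because it starts with '/'."""
    return target.startswith("/")


def is_safe_redirect(target: str, allowed_hosts: set[str],
                     require_https: bool = False) -> bool:
    """True only if `target`, resolved the way a browser resolves it, is a
    relative path or points at a host in `allowed_hosts` over http(s)."""
    if not target:
        return False
    first = target[0]
    # Browsers strip leading spaces and C0 controls ("\x00http://evil.example"),
    # so such a value would parse differently for us and for the browser.
    if first.isspace() or unicodedata.category(first)[0] == "C":
        return False
    # Chrome treats '\' as '/', so '/\evil.example' is '//evil.example' to it;
    # both spellings must pass.
    return all(_host_and_scheme_ok(t, allowed_hosts, require_https)
               for t in (target, target.replace("\\", "/")))


def _host_and_scheme_ok(url: str, allowed_hosts: set[str],
                        require_https: bool) -> bool:
    # urlsplit('///evil.example') yields no netloc, but browsers collapse the
    # extra slash and use evil.example as the host.
    if url.startswith("///"):
        return False
    parts = urlsplit(url)
    # 'http:///evil.example': scheme present, netloc empty; Chrome still
    # treats evil.example as the host.
    if parts.scheme and not parts.netloc:
        return False
    scheme = parts.scheme
    if not scheme and parts.netloc:
        scheme = "http"  # protocol-relative '//host' inherits the page scheme
    valid = {"https"} if require_https else {"http", "https"}
    if scheme and scheme not in valid:
        return False  # javascript:, data:, custom app schemes (cf. CVE-2023-47168)
    # Exact match on the whole netloc: 'app.example@evil.example' and
    # 'app.example.evil.example' both fail, as they should.
    return not parts.netloc or parts.netloc.lower() in allowed_hosts


def keep_credentials_on_redirect(original_url: str, location: str) -> bool:
    """Client-side rule: forward Authorization/Cookie to the Location target
    only when its scheme, host and port match the original request."""
    def origin(url: str) -> tuple[str, str, int | None]:
        p = urlsplit(url)
        port = p.port or {"http": 80, "https": 443}.get(p.scheme)
        return (p.scheme.lower(), (p.hostname or "").lower(), port)
    return origin(original_url) == origin(urljoin(original_url, location))


if __name__ == "__main__":
    ALLOWED = {"app.example"}  # constructed: the application's own host
    for t in ("/account", "//evil.example/x", "/\\evil.example",
              "javascript:alert(1)", "myapp://evil.example"):
        print(f"{t!r:24} naive={naive_is_local(t)!s:5} "
              f"hardened={is_safe_redirect(t, ALLOWED)}")
```

The validator deliberately answers the question "where will the browser go?" rather than "what does my parser say?": every rejection above corresponds to a case where `urlsplit` and a browser disagree, which is exactly where the listed filters were bypassed. Matching the whole netloc against an allowlist, rather than using `startswith`, `endswith` or a substring test, is what closes the userinfo and subdomain variants.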