VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Base · Draft · Likelihood: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 33 of 42
  • CVE-2024-21641 (Jan 5, 2024)
    risk 0.00 · cvss · epss 0.01

    Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the…

  • CVE-2023-26159 (Jan 2, 2024)
    risk 0.00 · cvss · epss 0.01

    Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this…

  • CVE-2023-49438 (Dec 26, 2023)
    risk 0.00 · cvss · epss 0.01

    An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.

  • CVE-2023-6927 (Dec 18, 2023)
    risk 0.00 · cvss · epss 0.01

    A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

  • CVE-2023-46750 (Dec 14, 2023)
    risk 0.00 · cvss · epss 0.01

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

  • CVE-2023-50771 (Dec 13, 2023)
    risk 0.00 · cvss · epss 0.01

    Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

  • CVE-2023-42502 (Nov 28, 2023)
    risk 0.00 · cvss · epss 0.01

    An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.

  • CVE-2023-47168 (Nov 27, 2023)
    risk 0.00 · cvss · epss 0.00

    Mattermost fails to properly check a redirect URL parameter, so an open redirect was possible when the user clicked "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to=

  • CVE-2019-25155 (Oct 31, 2023)
    risk 0.00 · cvss · epss 0.01

    DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.

  • CVE-2021-46898 (Oct 22, 2023)
    risk 0.00 · cvss · epss 0.00

    views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.

  • CVE-2018-25091 (Oct 15, 2023)
    risk 0.00 · cvss · epss 0.01

    urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in…

  • CVE-2023-39968 (Aug 28, 2023)
    risk 0.00 · cvss · epss 0.01

    jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter…

  • CVE-2023-41080 (Aug 25, 2023)
    risk 0.00 · cvss · epss 0.06

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older,…

  • CVE-2022-45582 (Aug 22, 2023)
    risk 0.00 · cvss · epss 0.01

    Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter.

  • CVE-2023-37947 (Jul 12, 2023)
    risk 0.00 · cvss · epss 0.00

    Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

  • CVE-2023-35934 (Jul 6, 2023)
    risk 0.00 · cvss · epss 0.01

    yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent…

  • CVE-2023-3515 (Jul 5, 2023)
    risk 0.00 · cvss · epss 0.00

    Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.

  • CVE-2023-35029 (Jun 15, 2023)
    risk 0.00 · cvss · epss 0.00

    Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPage…

  • CVE-2023-34247 (Jun 13, 2023)
    risk 0.00 · cvss · epss 0.00

    Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be…

  • CVE-2023-28370 (May 25, 2023)
    risk 0.00 · cvss · epss 0.01

    Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.