VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Abstraction: Base | Status: Draft | Likelihood: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 35 of 42
  • CVE-2020-36627 (Dec 25, 2022)
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to…

  • CVE-2022-4720 (Dec 23, 2022)
    risk 0.00 | cvss | epss 0.00

    Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5.

  • CVE-2022-4644 (Dec 22, 2022)
    risk 0.00 | cvss | epss 0.01

    Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.

  • CVE-2022-47500 (Dec 19, 2022)
    risk 0.00 | cvss | epss 0.01

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the forward component since it was improperly designed for UI…

  • CVE-2021-4260 (Dec 19, 2022)
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d4…

  • CVE-2022-4589 (Dec 17, 2022)
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched…

  • CVE-2022-46683 (Dec 7, 2022)
    risk 0.00 | cvss | epss 0.01

    Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

  • CVE-2022-41965 (Nov 28, 2022)
    risk 0.00 | cvss | epss 0.00

    Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to…

  • CVE-2022-45402 (Nov 15, 2022)
    risk 0.00 | cvss | epss 0.82

    In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.

  • CVE-2022-43985 (Nov 2, 2022)
    risk 0.00 | cvss | epss 0.01

    In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.

  • CVE-2022-3438 (Oct 10, 2022)
    risk 0.00 | cvss | epss 0.00

    Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

  • CVE-2022-40083 (Sep 28, 2022)
    risk 0.00 | cvss | epss 0.02

    Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).

  • CVE-2022-28977 (Sep 22, 2022)
    risk 0.00 | cvss | epss 0.00

    HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers…

  • CVE-2022-40754 (Sep 21, 2022)
    risk 0.00 | cvss | epss 0.01

    In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.

  • CVE-2022-25295 (Sep 11, 2022)
    risk 0.00 | cvss | epss 0.01

    This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts…

  • CVE-2022-36087 (Sep 9, 2022)
    risk 0.00 | cvss | epss 0.01

    OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it…

  • CVE-2020-26938 (Aug 29, 2022)
    risk 0.00 | cvss | epss 0.01

    In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious…

  • CVE-2021-23385 (Aug 2, 2022)
    risk 0.00 | cvss | epss 0.01

    This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This…

  • CVE-2022-31193 (Aug 1, 2022)
    risk 0.00 | cvss | epss 0.01

    DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL…

  • CVE-2022-35652 (Jul 25, 2022)
    risk 0.00 | cvss | epss 0.01

    An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted website; however, when clicked, it redirects the victims to an arbitrary URL/domain. Successful…