CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts user-controlled input that specifies a link to an external site and uses that link in an HTTP redirect. Because the redirect originates from a trusted domain, an attacker can craft a link on that domain that lands the victim on a site of the attacker's choosing, which simplifies phishing; in authentication flows the same flaw can leak tokens or session material that travel with the redirect.
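As an added illustration of the weakness (this is example code, not code from the CWE entry or from any of the projects listed below), the Go snippet below puts the usual naive "it starts with a slash, so it is local" check next to a hardened same-site check, and exercises both against the protocol-relative forms the macaron and Sourcegraph entries on this page mention (`//example.com/`, `//foo//example.com`). The function names `naiveIsLocal` and `SafeLocalRedirect` and the sample targets are my own.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveIsLocal is the check many open-redirect bugs reduce to: "the target
// begins with a slash, so it must be a path on our site". Browsers resolve
// "//host/..." relative to the current scheme only, so this accepts a jump
// to an arbitrary host.
func naiveIsLocal(target string) bool {
	return strings.HasPrefix(target, "/")
}

// SafeLocalRedirect returns a normalised same-site path-and-query for target,
// or ("", false) when target could send the browser to another origin.
// Only path-relative targets are accepted; absolute URLs, protocol-relative
// URLs and scheme-bearing strings are all rejected. (Illustrative check,
// not a library API.)
func SafeLocalRedirect(target string) (string, bool) {
	if target == "" || !strings.HasPrefix(target, "/") {
		return "", false
	}
	// "//host" is protocol-relative; browsers also normalise "\" to "/",
	// so "/\host" behaves the same way.
	if len(target) > 1 && (target[1] == '/' || target[1] == '\\') {
		return "", false
	}
	// Control characters and whitespace are used to smuggle schemes past
	// prefix checks; a legitimate local path never contains them raw.
	for _, r := range target {
		if r <= 0x20 || r == 0x7f {
			return "", false
		}
	}
	u, err := url.Parse(target)
	if err != nil {
		return "", false
	}
	// A genuinely relative reference has no scheme, authority or opaque part.
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return "", false
	}
	// Re-check the decoded path: "/%2F%2Fexample.com" decodes to
	// "//example.com" and becomes protocol-relative if any later component
	// decodes before redirecting, so refuse it as defence in depth.
	if strings.HasPrefix(u.Path, "//") || strings.HasPrefix(u.Path, "/\\") {
		return "", false
	}
	// Return only path and query; the fragment is dropped as untrusted.
	return u.RequestURI(), true
}

func main() {
	// Constructed sample targets, including the bypass forms named in the
	// macaron and Sourcegraph CVE entries on this page.
	samples := []string{
		"/account?tab=security",
		"//example.com/",
		"//foo//example.com",
		"/\\example.com",
		"https://example.com/",
		"/%2F%2Fexample.com",
		"javascript:alert(1)",
	}
	for _, t := range samples {
		got, ok := SafeLocalRedirect(t)
		fmt.Printf("%-24q naive=%-5t safe=%-5t -> %q\n", t, naiveIsLocal(t), ok, got)
	}
}
```

The decisive design choice is to allowlist the shape of a local reference rather than denylist known-bad prefixes: anything that parses with a scheme or host, or whose decoded path starts with two slashes, is refused, so the protocol-relative and backslash variants that defeat the prefix check are all covered by the same rule. If an application must redirect off-site (for example, an OAuth client's registered `redirect_uri`), compare the parsed target against an explicit allowlist of full origins instead of validating its shape.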
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (835)
page 40 of 42

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24554 | — | — | 0.00 | — | 0.02 | — | Sep 1, 2020 | The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist. |
| CVE-2020-15129 | — | — | 0.00 | — | 0.08 | — | Jul 30, 2020 | In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a… |
| CVE-2020-8559 | — | — | 0.00 | — | 0.06 | — | Jul 22, 2020 | The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. |
| CVE-2020-4037 | — | — | 0.00 | — | 0.01 | — | Jun 29, 2020 | In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect… |
| CVE-2017-18897 | — | — | 0.00 | — | 0.01 | — | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. |
| CVE-2020-10959 | — | — | 0.00 | — | 0.01 | — | Jun 2, 2020 | resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. |
| CVE-2020-13486 | — | — | 0.00 | — | 0.01 | — | May 25, 2020 | The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. |
| CVE-2020-12699 | — | — | 0.00 | — | 0.01 | — | May 13, 2020 | The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. |
| CVE-2020-11053 | — | — | 0.00 | — | 0.01 | — | May 7, 2020 | In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This… |
| CVE-2020-12666 | — | — | 0.00 | — | 0.01 | — | May 5, 2020 | macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. |
| CVE-2020-12283 | — | — | 0.00 | — | 0.01 | — | Apr 30, 2020 | Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. |
| CVE-2020-11611 | — | — | 0.00 | — | 0.01 | — | Apr 7, 2020 | An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe… |
| CVE-2020-11529 | — | — | 0.00 | — | 0.11 | — | Apr 4, 2020 | Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. |
| CVE-2019-14882 | — | — | 0.00 | — | 0.01 | — | Mar 18, 2020 | A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. |
| CVE-2020-5233 | — | — | 0.00 | — | 0.01 | — | Jan 30, 2020 | OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0. |
| CVE-2020-7936 | — | — | 0.00 | — | 0.01 | — | Jan 23, 2020 | An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. |
| CVE-2019-6035 | — | — | 0.00 | — | 0.01 | — | Dec 26, 2019 | Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. |
| CVE-2014-3652 | — | — | 0.00 | — | 0.01 | — | Dec 15, 2019 | JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. |
| CVE-2019-19709 | — | — | 0.00 | — | 0.02 | — | Dec 11, 2019 | MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. |
| CVE-2019-19703 | — | — | 0.00 | — | 0.01 | — | Dec 10, 2019 | In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. |