VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Base | Draft | Likelihood: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 40 of 42
  • CVE-2020-24554 (Sep 1, 2020)
    risk 0.00 | cvss n/a | epss 0.02

    The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.

  • CVE-2020-15129 (Jul 30, 2020)
    risk 0.00 | cvss n/a | epss 0.08

    In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a…

  • CVE-2020-8559 (Jul 22, 2020)
    risk 0.00 | cvss n/a | epss 0.06

    The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

  • CVE-2020-4037 (Jun 29, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect…

  • CVE-2017-18897 (Jun 19, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.

  • CVE-2020-10959 (Jun 2, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

  • CVE-2020-13486 (May 25, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.

  • CVE-2020-12699 (May 13, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.

  • CVE-2020-11053 (May 7, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This…

  • CVE-2020-12666 (May 5, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.

  • CVE-2020-12283 (Apr 30, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.

  • CVE-2020-11611 (Apr 7, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe…

  • CVE-2020-11529 (Apr 4, 2020)
    risk 0.00 | cvss n/a | epss 0.11

    Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.

  • CVE-2019-14882 (Mar 18, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.

  • CVE-2020-5233 (Jan 30, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

  • CVE-2020-7936 (Jan 23, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.

  • CVE-2019-6035 (Dec 26, 2019)
    risk 0.00 | cvss n/a | epss 0.01

    Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

  • CVE-2014-3652 (Dec 15, 2019)
    risk 0.00 | cvss n/a | epss 0.01

    JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.

  • CVE-2019-19709 (Dec 11, 2019)
    risk 0.00 | cvss n/a | epss 0.02

    MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.

  • CVE-2019-19703 (Dec 10, 2019)
    risk 0.00 | cvss n/a | epss 0.01

    In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.