China National Vulnerability Database (cnvd): CNVD-2022-08035
History: Jan 18, 2022 - 12:00 a.m.

Apache Knox SSO Cross-Site Scripting Vulnerability

2022-01-18 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
vulnerability
apache knox
sso
cross-site scripting
web ui
cluster
url parsing error
redirect
request parameters
attacker-controlled page
xss
phishing campaign
cnvd

EPSS: 0.002
Percentile: 65.0%

Apache Knox SSO, from the Apache Foundation, provides web UI SSO (single sign-on) functionality to your cluster. It contains a security vulnerability that stems from a URL parsing error, which allows requests to be crafted that redirect users to malicious pages. A request containing specially crafted request parameters could be used to redirect users to an attacker-controlled page. This URL needs to be presented to the user outside of the normal request stream via an XSS or phishing campaign. No detailed vulnerability details are currently available.
