Lucene search

[email protected]CVE-2017-7266

HistoryMar 26, 2017 - 5:59 a.m.

CVE-2017-7266

2017-03-2605:59:00

CWE-601

[email protected]

web.nvd.nist.gov

netflix

security

monkey

open redirect

vulnerability

nvd

cve-2017-7266

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.9%

JSON

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the “next” parameter which then redirects to any domain irrespective of the Host header.

Affected configurations

NVD

Node

netflixsecurity_monkeyRange≤0.7.0

CPENameOperatorVersion
netflix:security_monkeynetflix security monkeyle0.7.0

CPE	Name	Operator	Version
netflix:security_monkey	netflix security monkey	le	0.7.0

References

www.securityfocus.com/bid/97088

github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466

github.com/Netflix/security_monkey/pull/482

github.com/Netflix/security_monkey/releases/tag/v0.8.0

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.9%

JSON

Related for CVE-2017-7266

osv2 prion1 github1 nvd1 cvelist1