CVE-2024-39694

🗓️ 31 Jul 2024 15:44:55Reported by GitHub_MType

Possible open redirect vulnerability in Duende IdentityServer for ASP.NET Cor

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2024-39694	31 Jul 202419:20	–	circl
CNNVD	Duende IdentityServer 安全漏洞	31 Jul 202400:00	–	cnnvd
Cvelist	CVE-2024-39694 Duende IdentityServer Open Redirect vulnerability	31 Jul 202415:44	–	cvelist
EUVD	EUVD-2024-2334	3 Oct 202520:07	–	euvd
Github Security Blog	IdentityServer Open Redirect vulnerability	31 Jul 202419:57	–	github
Github Security Blog	IdentityServer Open Redirect vulnerability	31 Jul 202415:28	–	github
NVD	CVE-2024-39694	31 Jul 202416:15	–	nvd
OSV	CVE-2024-39694 Duende IdentityServer Open Redirect vulnerability	31 Jul 202415:44	–	osv
OSV	GHSA-55P7-V223-X366 IdentityServer Open Redirect vulnerability	31 Jul 202419:57	–	osv
OSV	GHSA-FF4Q-64JC-GX98 IdentityServer Open Redirect vulnerability	31 Jul 202415:28	–	osv

Vulners

Node

duendesoftware identityserverRange<6.0.5

duendesoftware identityserverRange6.1.0-preview.1–6.1.7

duendesoftware identityserverRange6.2.0-preview.1–6.2.4

duendesoftware identityserverRange6.3.0-preview.1–6.3.9

duendesoftware identityserverRange7.0.0-preview.1–7.0.5

[
  {
    "vendor": "DuendeSoftware",
    "product": "IdentityServer",
    "versions": [
      {
        "version": "< 6.0.5",
        "status": "affected"
      },
      {
        "version": ">= 6.1.0-preview.1, <= 6.1.7",
        "status": "affected"
      },
      {
        "version": ">= 6.2.0-preview.1, <= 6.2.4",
        "status": "affected"
      },
      {
        "version": ">= 6.3.0-preview.1, <= 6.3.9",
        "status": "affected"
      },
      {
        "version": ">= 7.0.0-preview.1, <= 7.0.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/DuendeSoftware/IdentityServer/commit/f04cf0be859b93f43563f8f812eb92206ad94011
github	www.github.com/DuendeSoftware/IdentityServer/security/advisories/GHSA-ff4q-64jc-gx98
github	www.github.com/DuendeSoftware/IdentityServer/commit/fe817b499933d6ed6141b153492d7335c28b184a
github	www.github.com/DuendeSoftware/IdentityServer/commit/765116a2d4fb0671b6eba015e698533900c61c8e
github	www.github.com/DuendeSoftware/IdentityServer/commit/d0d8eab35ad9183b14925496803ed8b36658d0a1
github	www.github.com/DuendeSoftware/IdentityServer/commit/269ca2171fe1e901c87f2f0797bbc7c230db87c6

15 Apr 2026 00:35Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.14.7

EPSS0.00141

SSVC

CWE-601