CVE-2024-21641 Flarum's Logout Route allows open redirects

2024-01-0521:02:56

CWE-601

GitHub_M

www.cve.org

flarum

logout route

open redirect

vulnerability

v1.8.5

fix

third party

redirect parameter

trusted domain

spammers

workaround

extensions

implementation safe

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.6%

JSON

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.

CNA Affected

[
  {
    "vendor": "flarum",
    "product": "framework",
    "versions": [
      {
        "version": "< 1.8.5",
        "status": "affected"
      }
    ]
  }
]