Lucene search

GitHub Advisory DatabaseGHSA-9HG5-7HWC-V434

HistoryMay 24, 2022 - 5:05 p.m.

Athenz vulnerable to Open Redirect

2022-05-2417:05:08

CWE-601

GitHub Advisory Database

github.com

athenz

open redirect

vulnerability

software

phishing

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

57.4%

JSON

Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

Affected configurations

Vulners

Node

com.yahoo.athenzathenzRange<1.8.25

VendorProductVersionCPE
com.yahoo.athenzathenz*cpe:2.3:a:com.yahoo.athenz:athenz:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
com.yahoo.athenz	athenz	*	cpe:2.3:a:com.yahoo.athenz:athenz::::::::

References

jvn.jp/en/jp/JVN57070811/index.html

github.com/advisories/GHSA-9hg5-7hwc-v434

github.com/AthenZ/athenz/commit/c4dc89b31fda501af45c20b33db620a077079744

github.com/yahoo/athenz/pull/700

nvd.nist.gov/vuln/detail/CVE-2019-6035

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

57.4%

JSON

Related for GHSA-9HG5-7HWC-V434