GitHub Advisory Database: GHSA-VP8P-C6XJ-XPJ7
History: May 23, 2024 - 5:12 p.m.

Silverstripe External redirection risk in Security?ReturnURL

2024-05-23 17:12:13
CWE-601
Source: GitHub Advisory Database (github.com)
Tags: silverstripe, framework, vulnerability, external redirection, login, risk, security

AI Score: 7 High
Confidence: Low

A vulnerability has been found in the SilverStripe framework where a login URL can be made to redirect to an external site.

For example, the URL http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page http://attacker-site.com. If that site were set up to look identical to the original and show a “login failed” message, the user will likely just enter their username and password again.
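The bypass described above works because a check that only asks "is there a scheme or host?" treats `/\attacker-site.com` as a plain local path, while browsers normalise the backslash to a forward slash and follow it as the protocol-relative URL `//attacker-site.com`. The following added example (not SilverStripe's own code) contrasts such a naive check with a hardened return-URL validator; the sample URLs are constructed for illustration.

```python
from urllib.parse import urlparse


def naive_is_local(url: str) -> bool:
    """The kind of check that CWE-601 bugs of this shape slip past:
    'no scheme and no host, so it must be a same-site path'."""
    parts = urlparse(url)
    return parts.scheme == "" and parts.netloc == ""


def is_safe_return_url(url: str) -> bool:
    """Accept only a same-site absolute path for a post-login redirect.

    Rejects anything a browser could interpret as leaving the site:
    absolute URLs, protocol-relative URLs, and the backslash variant
    from the advisory (browsers rewrite '\\' to '/', so '/\\host'
    becomes '//host').
    """
    if not url or not url.startswith("/"):
        return False
    # Backslash anywhere is rejected outright; it has no legitimate
    # use in a site-local path and is exactly the bypass character.
    if "\\" in url:
        return False
    # '//host' is protocol-relative and therefore external.
    if url.startswith("//"):
        return False
    # Control characters and whitespace can be stripped by browsers
    # during URL parsing, so they are not allowed either.
    if any(ord(ch) <= 0x20 for ch in url):
        return False
    parts = urlparse(url)
    if parts.scheme or parts.netloc:
        return False
    return True


# Constructed sample BackURL values; the second one is the advisory's case.
SAMPLES = [
    "/Security/login",
    "/\\attacker-site.com",
    "//attacker-site.com",
    "http://attacker-site.com",
    "/admin/pages?ID=3",
]


def compare_checks(urls=SAMPLES):
    """Return {url: (naive_result, hardened_result)} for review."""
    return {u: (naive_is_local(u), is_safe_return_url(u)) for u in urls}


if __name__ == "__main__":
    for u, (naive, hardened) in compare_checks().items():
        print(f"{u!r:30} naive={naive!s:5} hardened={hardened}")
```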

Affected configurations

silverstripe/framework ≤ 3.1.13-rc1
OR
silverstripe/framework ≤ 3.0.13
