Lucene search

[email protected]NVD:CVE-2024-25715

HistoryFeb 11, 2024 - 3:15 a.m.

CVE-2024-25715

2024-02-1103:15:09

CWE-601

[email protected]

web.nvd.nist.gov

glewlwyd sso server

open redirection

vulnerability

cve-2024-25715

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.

Affected configurations

Nvd

Node

glewlwyd_sso_server_projectglewlwyd_sso_serverRange2.0.0–2.7.6

VendorProductVersionCPE
glewlwyd_sso_server_projectglewlwyd_sso_server*cpe:2.3:a:glewlwyd_sso_server_project:glewlwyd_sso_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
glewlwyd_sso_server_project	glewlwyd_sso_server	*	cpe:2.3:a:glewlwyd_sso_server_project:glewlwyd_sso_server::::::::

References

github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754

github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2024-25715

cve1 vulnrichment1 osv1 cvelist1 ubuntucve1 prion1 debiancve1 veracode1