Lucene search
GoogleOSV:GHSA-GFVF-2F25-F34RHistoryMay 15, 2024 - 8:26 p.m.
Drupal Anonymous Open Redirect
2024-05-1520:26:50
Google
osv.dev
4
drupal
open redirect
vulnerability
social engineering
query string
6.9 Medium
AI Score
Confidence
High
Drupal core and contributed modules frequently use a “destination” query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal/core | eq | 8.4.0 | |
| drupal/core | eq | 8.2.6 | |
| drupal/core | eq | 8.4.5 | |
| drupal/core | eq | 8.1.6 | |
| drupal/core | eq | 8.3.7 | |
| drupal/core | eq | 8.1.7 | |
| drupal/core | eq | 8.3.4 | |
| drupal/core | eq | 8.2.0 | |
| drupal/core | eq | 8.3.0-beta1 | |
| drupal/core | eq | 8.2.3 |
6.9 Medium
AI Score
Confidence
High