Lucene search

Veracode Vulnerability DatabaseVERACODE:47363

HistoryJun 05, 2024 - 6:48 a.m.

Open Redirect

2024-06-0506:48:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

open redirect

vulnerability

github

harbor

oidc

authentication

software

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

github.com/goharbor/harbor is vulnerable to open redirect. The vulnerability is due to a lack of validation for the redirect_url parameter with the OIDC authentication, which allows attackers to redirect users to malicious sites after login.

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for VERACODE:47363