GitHub_MVULNRICHMENT:CVE-2024-47530CVE-2024-47530 Scout contains an Open Redirect on Login via `next`
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
26.7%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:clinical-genomics:scout:-:*:*:*:*:*:*:*"
],
"vendor": "clinical-genomics",
"product": "scout",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "4.89",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
26.7%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial