Open redirection vulnerability
Bug #1929620 reported by
Anton
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Landscape Server |
Fix Released
|
High
|
Simon Poirier |
Bug Description
Open redirect is possible using request path /redirect?
This can be used to perform phishing campaigns in order to obtain landscape credentials, that further can be used to RCE on multiple endpoints registered in the victim's Landscape account.
CVE References
Changed in landscape: | |
status: | New → Confirmed |
importance: | Undecided → Critical |
importance: | Critical → High |
Changed in landscape: | |
assignee: | nobody → Simon Poirier (simpoir) |
status: | Confirmed → In Progress |
Changed in landscape: | |
status: | In Progress → Fix Committed |
Changed in landscape: | |
milestone: | none → 19.10.5 |
Changed in landscape: | |
status: | Fix Committed → Fix Released |
information type: | Private Security → Public |
information type: | Public → Public Security |
To post a comment you must log in.
landscape. is.canonical. com is also vulnerable, just try to open https:/ /landscape. is.canonical. com/redirect? next_url= /\qweqweasdasdqw eqwe.com