•  
      request #11136 Open redirect vulnerability on /my/redirect.php
    Infos
    #11136
    Thomas Gerbet (tgerbet)
    2018-03-05 18:07
    2018-02-13 17:16
    11183
    Details
    Open redirect vulnerability on /my/redirect.php

    An open redirect vulnerability exists on the /my/redirect.php page.

    Impact

    An attacker could use this vulnerability to redirect a victim to an untrusted website. This can be used to ease phishing attacks for example.
    CVSSv3 score: 4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)

    Exploitation

    One way to demonstrate the issue is to access to https://<tuleap_instance>/my/redirect.php?return_to=%2F%2Fexample.com , you will be redirect to example.com.

    A first unsuccessful attempt at fixing the issue has been done in request #7744.

    Credits

    This vulnerability has been reported by RedTeam Pentesting GmbH.
    Their advisory for this vulnerability is available here: RT-SA-2018-001

    References

    CWE-601
    OWASP - Unvalidated Redirects and Forwards

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-02-14
    Attachments
    Empty
    References

    Follow-ups

    • User avatar
      Thomas Gerbet (tgerbet)2018-03-05 18:07
      Public disclosure.
    • User avatar
      gerrit #10560 integrated into Tuleap 9.17.99.93

      • Status changed from Under review to Closed
      • Connected artifacts
      • Close date set to 2018-02-14
    • User avatar
      Thomas Gerbet (tgerbet)2018-02-13 18:01
      A fix is under review: gerrit #10560.

      • Original Submission
        Something went wrong, the follow up content couldn't be loaded
        Only formatting have been changed, you should switch to markup to see the changes
      • Status changed from Under implementation to Under review