Minwoox

**Name of the Vulnerable Software and Affected Versions** Central Dogma versions prior to 0.78.0 **Description** Central Dogma versions before 0.78.0 are affected by an Open Redirect issue. This allows attackers to redirect users to untrusted sites through specially crafted URLs, which could lead to phishing attacks and the theft of credentials. The vulnerability involves manipulating URLs to redirect users to malicious websites. **Recommendations** Update to version 0.78.0 or later.

**Name of the Vulnerable Software and Affected Versions** Central Dogma versions prior to 0.64.1 **Description** A Cross-Site Scripting (XSS) vulnerability in Central Dogma could allow for the leakage of user sessions and subsequent authentication bypass. The issue targets the RelayState of Security Assertion Markup Language (SAML), enabling malicious actors to leak user sessions and compromise authentication mechanisms. This can facilitate unauthorized access to sensitive resources. **Recommendations** For Central Dogma versions prior to 0.64.1, upgrade to version 0.64.1 or later to mitigate the risk associated with the authentication bypass. No viable workarounds are currently available for this vulnerability, so applying the provided patch promptly is recommended.

**Name of the Vulnerable Software and Affected Versions** Central Dogma (affected versions not specified) **Description** The issue allows for privilege escalation through mirroring to the internal dogma repository, which contains a file that manages project authorization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.