PT-2021-15522 · Clearance · Clearance

Mottini Mauro

Published

2021-09-12

Updated

2021-09-23

CVE-2021-23435

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions clearance versions prior to 2.5.0

Description The issue arises when users can set the value of session[:return to]. If the value used for return to contains multiple leading slashes (e.g., /////example.com), the user is redirected to the external domain that comes after the slashes (e.g., http://example.com).

Recommendations For versions prior to 2.5.0, consider updating to version 2.5.0 or later to resolve the issue. As a temporary workaround, restrict the ability of users to set the value of session[:return to] or validate and sanitize the return to value to prevent redirection to external domains.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2021-23435

GHSA-4HPQ-RJCX-7VJ9

SNYK-RUBY-CLEARANCE-1577284

Affected Products

Clearance

PT-2021-15522 · Clearance · Clearance

CVE-2021-23435

Weakness Enumeration

Related Identifiers

Affected Products

References · 10