PT-2021-19827 · Tenancy · Tenancy
Jazo
·
Published
2021-05-27
·
Updated
2022-03-18
·
CVE-2021-32645
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Tenancy multi-tenant versions prior to 5.7.2
Description
The issue allows for open redirects, where users can be redirected from the site to any other site using a specially crafted URL. This occurs in installations using the default Hostname Identification and tenants with
force https set to true.Recommendations
For versions prior to 5.7.2, update to version 5.7.2 to fix the bug.
As a temporary workaround, consider setting the
force https to false for every tenant, however, this may degrade connection security.Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenancy