PT-2022-7073 · Ilias · Ilias

Anna Hartig +2 · Published 2022-09-30 · Updated 2023-01-06 · CVE-2022-45917

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.16

Description: The issue is an open redirect in the shib_logout.php script, specifically in the handling of the return parameter. This could allow a remote attacker to redirect users to an arbitrary URL.

Recommendations: For versions prior to 7.16, update to version 7.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the shib_logout.php script to minimize the risk of exploitation. Avoid using the return parameter in the affected script until the issue is resolved.
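
A log check for the behaviour described above, as an added example that is not part of the advisory or of ILIAS itself: it flags requests to shib_logout.php whose return value points to a host outside the site. The trusted hostname, the combined-log-format sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hostnames that are legitimate redirect targets for this site.
TRUSTED_HOSTS = {"ilias.example.org"}

# Request field of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses and domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2022:10:00:00 +0000] "GET /shib_logout.php?return=https%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Oct/2022:10:00:05 +0000] "GET /shib_logout.php?return=%2Filias.php HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Oct/2022:10:00:09 +0000] "GET /shib_logout.php?return=%2F%5Cphish.example HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Oct/2022:10:00:12 +0000] "GET /shib_logout.php?return=https%3A%2F%2Filias.example.org%2F HTTP/1.1" 302 0',
    '192.0.2.14 - - [01/Oct/2022:10:00:20 +0000] "GET /login.php?return=https%3A%2F%2Fphish.example HTTP/1.1" 200 512',
]


def external_return_target(request_target, trusted_hosts=TRUSTED_HOSTS):
    """Return the off-site host named in shib_logout.php's return value, else None."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/shib_logout.php"):
        return None
    for value in parse_qs(parts.query).get("return", []):
        # Browsers read backslashes as slashes, so "/\host" acts like "//host".
        normalized = value.strip().replace("\\", "/")
        try:
            host = urlsplit(normalized).hostname
        except ValueError:
            return "unparseable"  # malformed authority: surface for review
        if host and host.lower() not in trusted_hosts:
            return host.lower()
    return None


def scan_log(lines, trusted_hosts=TRUSTED_HOSTS):
    """Return (line_number, host) for each request that redirects off-site."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        host = external_return_target(match.group(1), trusted_hosts) if match else None
        if host:
            hits.append((number, host))
    return hits


if __name__ == "__main__":
    for number, host in scan_log(SAMPLE_LOG):
        print(f"line {number}: return parameter points to {host}")
```

Relative return values and values naming a trusted host are not reported, so the output is limited to requests that would have sent a user off-site.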

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2023-07495
CVE-2022-45917

Affected Products

Ilias