PT-2024-16824 · Apereo · Apereo CAS

Arthur Souza · Published 2024-11-14 · Updated 2024-11-17 · CVE-2024-11207

CVSS v3.1: 5.4 (Medium) · Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Apereo CAS version 6.6

Description: A vulnerability has been found in Apereo CAS, affecting an unknown functionality of the file /login. The manipulation of the redirect uri argument leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations: For Apereo CAS version 6.6, update to the latest release to mitigate risks. Apply the latest patches and review security configurations to ensure the system is secure. As a temporary workaround, consider restricting access to the /login file until a patch is available. Avoid using the redirect uri argument in the affected file until the issue is resolved.
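As an added example (not code from Apereo CAS or from this advisory), the validation a login endpoint should apply to a redirect parameter before honouring it. It assumes the parameter is named `redirect_uri` and that the constructed `ALLOWED_ORIGINS` set stands in for the registered-service list a CAS deployment would consult; the vulnerable pattern is simply redirecting to the parameter with no such check.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allow-list standing in for a CAS service registry (assumption,
# not real CAS configuration): only these origins may receive a post-login redirect.
ALLOWED_ORIGINS = {
    ("https", "app.example.edu", 443),
    ("https", "portal.example.edu", 443),
}
DEFAULT_LANDING = "/"


def is_safe_redirect(redirect_uri: str) -> bool:
    """True only if redirect_uri is a local path or an allow-listed origin."""
    if not redirect_uri or len(redirect_uri) > 2048:
        return False
    # Control characters enable header injection; browsers normalise '\' to '/',
    # so '/\evil.example' would become the protocol-relative '//evil.example'.
    if any(ord(c) < 0x20 or c == "\\" for c in redirect_uri):
        return False
    # A single leading slash is a same-site path; '//host' is protocol-relative.
    if redirect_uri.startswith("/") and not redirect_uri.startswith("//"):
        return True
    parts = urlsplit(redirect_uri)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return False  # rejects javascript:, data:, and scheme-less '//host'
    if parts.username is not None or parts.password is not None:
        return False  # 'https://app.example.edu@evil.example' userinfo trick
    host = parts.hostname  # already lower-cased, userinfo and port stripped
    if not host:
        return False
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False  # non-numeric port
    # Exact origin match: 'app.example.edu.evil.example' does not match.
    return (scheme, host, port) in ALLOWED_ORIGINS


def post_login_location(redirect_uri: Optional[str]) -> str:
    """Hardened /login behaviour: fall back to a fixed landing page instead of
    redirecting wherever the request asked."""
    if redirect_uri and is_safe_redirect(redirect_uri):
        return redirect_uri
    return DEFAULT_LANDING
```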

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2024-11207

Affected Products

Apereo CAS