PT-2024-21959 · Unknown · Corezoid Process Engine

Nscan9 · Published 2024-04-11 · Updated 2024-11-14 · CVE-2024-27592

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Corezoid Process Engine version 6.5.0

Description

The issue allows attackers to redirect users to arbitrary websites by appending a crafted link to the /login/ endpoint in the login page URL. A login page URL modified in this way can potentially be used for phishing attacks or other malicious activities.

Recommendations

For Corezoid Process Engine version 6.5.0, consider restricting access to the /login/ endpoint until a patch is available, or apply configuration changes to prevent redirects to external websites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2024-27592

Affected Products

Corezoid Process Engine