PT-2024-32644 · Scout +1

Letm3Through · Published 2024-09-30 · Updated 2025-06-24 · CVE-2024-47530

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the vulnerable software and affected versions: Scout versions prior to 4.89

Description: The /login endpoint redirects to whatever URL is supplied in the next parameter without validating it. An attacker can therefore craft a login link that sends the victim to an attacker-controlled page (open redirect), which is useful for phishing because the link itself points at the legitimate Scout host. Because the scheme of the target is not checked either, the parameter can also name an http:// URL, so the same link can be used to downgrade the user from HTTPS to plaintext HTTP.

Recommendations: Update to version 4.89 or later. Until the update is applied, restrict access to the /login endpoint or disable the next parameter as a temporary workaround.
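The flaw class described above, shown as an added example in Go (illustrative code written for this page, not Scout's own source; the handler names, the elided credential check, the helper safeNext and the example hostnames are assumptions, and only the /login path and the next parameter come from the advisory). The vulnerable handler echoes next into the Location header; the hardened one accepts only an absolute path on the same origin, which also blocks the http:// downgrade, protocol-relative //host targets and the /\host form that browsers normalise to //host:

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// vulnerableLogin mirrors the advisory: whatever the client sends in ?next=
// becomes the redirect target, so ?next=https://evil.example/ (phishing) or
// ?next=http://app.example/ (HTTPS downgrade) is followed by the browser.
// Hypothetical handler; the credential check is elided.
func vulnerableLogin(w http.ResponseWriter, r *http.Request) {
	next := r.URL.Query().Get("next")
	if next == "" {
		next = "/"
	}
	http.Redirect(w, r, next, http.StatusFound)
}

// safeNext (assumed helper) returns a same-origin path derived from raw, or
// "/" whenever raw cannot be proven to stay on this origin.
func safeNext(raw string) string {
	if raw == "" {
		return "/"
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "/"
	}
	// Any scheme (http:, https:, javascript:), host or userinfo means the
	// target is not a local path.
	if u.Scheme != "" || u.Host != "" || u.Opaque != "" || u.User != nil {
		return "/"
	}
	// Require an absolute path. Reject "//host" (protocol-relative URL) and
	// "/\host", which browsers treat as "//host".
	if !strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") || strings.HasPrefix(raw, "/\\") {
		return "/"
	}
	// Rebuild from parsed components so only path and query survive.
	out := u.EscapedPath()
	if u.RawQuery != "" {
		out += "?" + u.RawQuery
	}
	return out
}

// hardenedLogin is the same handler with the next value filtered.
func hardenedLogin(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, safeNext(r.URL.Query().Get("next")), http.StatusFound)
}

// redirectLocation drives a handler with a constructed /login request carrying
// the given next value and returns the Location header it produced.
func redirectLocation(h http.HandlerFunc, next string) string {
	q := url.Values{"next": {next}}
	req := httptest.NewRequest(http.MethodPost, "/login?"+q.Encode(), nil)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	// Constructed inputs: one legitimate local path and four off-site forms.
	for _, next := range []string{
		"/dashboard?tab=1",
		"https://evil.example/",
		"http://app.example/",
		"//evil.example/",
		"/\\evil.example",
	} {
		fmt.Printf("next=%-24q vulnerable=%-24q hardened=%q\n",
			next, redirectLocation(vulnerableLogin, next), redirectLocation(hardenedLogin, next))
	}
}
```

The check deliberately rejects rather than rewrites anything unexpected: an allow-list of "absolute path on this origin" is far easier to reason about than a deny-list of known bad prefixes, and falling back to "/" keeps the login flow working for users whose next value was tampered with.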

Exploit · Fix · Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2024-47530
GHSA-3X45-2M34-X95V
OPENSUSE-SU-2024:14578-1
OPENSUSE-SU-2025_0055-1
OPENSUSE-SU-2025_0064-1
OPENSUSE-SU-2025_0067-1
SUSE-SU-2025:0055-1
SUSE-SU-2025:0063-1
SUSE-SU-2025:0064-1
SUSE-SU-2025:0067-1
SUSE-SU-2025_0055-1
SUSE-SU-2025_0063-1
SUSE-SU-2025_0064-1
SUSE-SU-2025_0067-1
SUSE-SU-2025_02055-1

Affected Products

Scout
Suse