PT-2024-35701 · Bunkerweb · Bunkerweb

Adventure8812

·

Published

2024-11-27

·

Updated

2024-12-11

·

CVE-2024-53264

CVSS v4.0

5.1

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions bunkerweb versions prior to 1.5.11
Description A open redirect issue exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the next parameter. The loading endpoint accepts and uses an unvalidated next parameter for redirects, for example, visiting /loading?next=https://google.com while authenticated will cause the page to redirect to google.com. This could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites.
Recommendations For versions prior to 1.5.11, upgrade to version 1.5.11 to resolve the issue. As a temporary workaround, consider restricting access to the /loading endpoint or validating the next parameter to minimize the risk of exploitation. Avoid using the next parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2024-53264
GHSA-Q9RR-H3HX-M87G
GO-2024-3294
OPENSUSE-SU-2024:14567-1

Affected Products

Bunkerweb