PT-2024-38171 · Duende+1 · Duende Identityserver+1

Published: 2024-08-01 · Updated: 2025-05-20 · CVE-2024-7211

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

1E Platform (affected versions not specified)
Duende Identity Server (affected versions not specified)

Description

The issue concerns an open redirect vulnerability in the Duende Identity Server, a third-party component used by the 1E Platform. This vulnerability allows an attacker to control the redirection path of end users, potentially redirecting them to untrusted sites.

Recommendations

For the 1E Platform, update the component utilizing the Duende Identity Server with the patch that includes the fix. For the Duende Identity Server, apply the necessary patch to resolve the issue. As a temporary workaround, consider restricting URL redirection to trusted sites until the patch is applied.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2024-7211

Affected Products

1E Platform
Duende Identityserver