4.8

CVE-2024-24764

EPSS 0.1%
Veröffentlicht 26.06.2024 01:15:47
Zuletzt bearbeitet 21.11.2024 08:59:39
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema.  The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octobercms ≫ October Version >= 3.2.0 < 3.5.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.287

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	3.5	0.9	2.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-24764

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24764

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24764

EUVD