CVE-2024-34074

EPSS 0.57%
Veröffentlicht 14.05.2024 15:38:27
Zuletzt bearbeitet 04.08.2025 14:37:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Frappe vuilnerable to an open redirect on login page

Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Frappe ≫ Frappe Version < 14.74.0

Frappe ≫ Frappe Version >= 15.0.0 < 15.26.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.428

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829

Patch

https://github.com/frappe/frappe/pull/26304

Patch

Issue Tracking

https://github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-34074

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34074

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34074

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-34074