CVE-2024-47530

Exploit

EPSS 0.38%
Veröffentlicht 30.09.2024 16:15:09
Zuletzt bearbeitet 15.11.2024 18:03:06
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Clinical-genomics ≫ Scout Version < 4.89

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.294

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/Clinical-Genomics/scout/commit/50055edfca9a7183b248019af97e1fb0b0065a02

Patch

https://github.com/Clinical-Genomics/scout/security/advisories/GHSA-3x45-2m34-x95v

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-47530

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47530

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47530

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47530