5.1
CVE-2026-42350
- EPSS 0.24%
- Veröffentlicht 08.05.2026 22:35:30
- Zuletzt bearbeitet 13.05.2026 16:49:32
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerakuity
≫
Produkt
kargo
Version
< 1.7.10
Status
affected
Version
>= 1.8.0-rc.1, < 1.8.13
Status
affected
Version
>= 1.9.0-rc.1, < 1.9.8
Status
affected
Version
>= 1.10.0-rc.1, < 1.10.2
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.147 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://github.com/akuity/kargo/security/advisories/GHSA-g7gw-m874-7rmf