Vulnerability CVE-2020-12283
Published: 2020-04-30

Description:
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.

Type:

CWE-601

 (URL Redirection to Untrusted Site ('Open Redirect'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Sourcegraph -> Sourcegraph 

 References:
https://github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md
https://github.com/sourcegraph/sourcegraph/commit/c0f48172e815c7f66471a38f0a06d1fc32a77a64
https://github.com/sourcegraph/sourcegraph/compare/v3.15.0...v3.15.1
https://github.com/sourcegraph/sourcegraph/pull/10167
Copyright 2024, cxsecurity.com

 

Back to Top