@JLLeitschuh (with help from CodeQL) reported this open redirect, which was fixed in 1.50.0:
https://www.kb.cert.org/vince/comm/login/?next=https%3A%2F%2Fexample.com
VINCE/cogauth/views.py, line 768 in b986a86
While not a serious issue: https://bughunters.google.com/learn/invalid-reports/web-platform/navigation/6680364896223232/open-redirectors
...it could be considered CVE-worthy and handled as such. I'd be happy to write it up if that helps.
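A defensive check for the `next` parameter described in the report above, added here as an illustration; it is not VINCE's code or the 1.50.0 fix, which this page does not show. The function names, the `/` fallback and the allowed host (taken from the URL in the report) are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

ALLOWED_HOSTS = {"www.kb.cert.org"}  # assumption: host from the reported URL
DEFAULT_REDIRECT = "/"               # assumption: fallback when `next` is rejected


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` keeps the browser on an allowed host."""
    if not target:
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines, so "/\host" or
    # "/<TAB>/host" can become "//host". Reject backslashes, whitespace
    # and control characters outright instead of trying to normalise them.
    if "\\" in target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Scheme-relative URLs ("//host/path") leave the site.
    if target.startswith("//"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Plain relative reference: accept only path-absolute targets.
        return target.startswith("/")
    # A scheme with no host ("javascript:...", "https:example.com") is never safe.
    if not parts.netloc or parts.scheme != "https":
        return False
    # .hostname ignores userinfo and port, so "allowed@evil" does not pass.
    return parts.hostname in allowed_hosts


def resolve_next(query_string):
    """Pick the post-login redirect target from a login URL's query string."""
    target = parse_qs(query_string).get("next", [""])[0]
    return target if is_safe_redirect(target) else DEFAULT_REDIRECT


if __name__ == "__main__":
    # First sample is the query string from the report; the rest are constructed.
    for qs in ("next=https%3A%2F%2Fexample.com",
               "next=%2Fvince%2Fcomm%2F",
               "next=%2F%2Fexample.com",
               "next=https%3A%2F%2Fwww.kb.cert.org%40example.com%2F"):
        print(qs, "->", resolve_next(qs))
```

In a Django view the same decision is normally delegated to `django.utils.http.url_has_allowed_host_and_scheme` rather than hand-written.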
It would be good if a CVE number was assigned
Hello @JLLeitschuh
Mea culpa - Sorry for the delay. I promised to get a CVE and also give you credit. Hopefully next week will be less crazy and will get the CVE and update this issue.
Thanks Vijay
Hello @zmanion and @JLLeitschuh
Reserved and published this with CVE-2022-25799 with credit to @JLLeitschuh
Thanks @sei-vsarvepalli @JLLeitschuh and @attritionorg. #dogfood!