Octopus Web Portal Integrated Authentication open redirection bug #2384

Closed
robpearson opened this issue Feb 21, 2016 · 2 comments

@robpearson commented Feb 21, 2016

The Octopus web portal integrated authentication login challenge page supports a redirect query string parameter which is open to malicious redirects.

Big thanks to Marc Barry for reporting this security issue!

@robpearson robpearson self-assigned this Feb 21, 2016
@robpearson robpearson added in progress and removed ready labels Feb 21, 2016
@robpearson (Author) commented Feb 21, 2016

Release Note: Fixed open redirect bug in the Octopus web portal integrated authentication process

@robpearson robpearson added forreview and removed in progress labels Feb 21, 2016
@robpearson robpearson closed this Feb 21, 2016
@robpearson robpearson removed the forreview label Feb 21, 2016
@octoreleasebot octoreleasebot added this to the 3.2.24 milestone Feb 21, 2016
@lock commented Nov 26, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

@lock lock bot locked as resolved and limited conversation to collaborators Nov 26, 2018
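
The kind of server-side check that closes an open redirect on a login page's redirect query string parameter, as an added example (this is not Octopus Deploy's code or its actual fix, which the issue does not show). The function name, the fallback path and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical fallback; the issue does not name the portal's routes.
DEFAULT_TARGET = "/"


def safe_redirect_target(raw, default=DEFAULT_TARGET):
    """Return raw only if it is a same-site absolute path, else default."""
    if not isinstance(raw, str) or not raw:
        return default
    # Browsers drop tab/CR/LF and treat "\" like "/" when parsing a URL, so
    # "/\host" or "/<TAB>/host" would still leave the site. Reject outright.
    if "\\" in raw or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return default
    # Exactly one leading slash: "//host" is a scheme-relative URL.
    if not raw.startswith("/") or raw.startswith("//"):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:
        return default
    # Defence in depth: a path-only reference has no scheme and no host.
    if parts.scheme or parts.netloc:
        return default
    return raw


# Constructed sample values, not taken from the issue.
SAMPLES = [
    "/app#/projects",         # same-site path: kept
    "https://evil.example/",  # absolute URL: replaced
    "//evil.example/",        # scheme-relative URL: replaced
    "/\\evil.example/",       # backslash variant: replaced
    "/\t/evil.example/",      # embedded tab: replaced
    "javascript:alert(1)",    # non-HTTP scheme: replaced
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", safe_redirect_target(value))
```

The check is an allow-list of one shape (a local path) rather than a block-list of known-bad hosts, so anything it cannot positively identify as same-site falls back to the default.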