Thank you Cainor,
I think there are a lot of vulnerabilities in Kuiper, especially since it uses Python 2.7 with all of its libraries.
It is intended to be used by an internal team, not publicly, so I did not do much about the vulnerabilities as long as it helps the analysts do their job. :)
Peace, mercy and blessings of God be upon you
Dear Team,
Thank you for your contribution to the open source community.
While doing some source code review on Kuiper, I was able to find an Open Redirect vulnerability in the next parameter that is used in the login process.
Open Redirect Description and Impact:
An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection.
Vulnerable Code:
Kuiper/kuiper/app/__init__.py, lines 262 to 270 at commit 4602e0e
As you can see, the next parameter is not validated to be part of the site.
Recommended Solution:
Validate the user input before redirecting them.
I wish I had some knowledge of Flask so I could contribute to your great repo. Here is a recommended solution I found:
https://pythonkitchen.com/how-prevent-open-redirect-vulnerab-flask/
Hope this helps.
Good luck :)
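For reference, a stdlib-only version of the check the report asks for. This is an added example, not Kuiper's code and not the snippet from the linked article; the host name kuiper.local, the paths and the function names are constructed for illustration. In a Flask login view it would be called as login_redirect_target(request.args.get("next"), request.host) and the result passed to redirect(); request.host includes the port when it is non-default, so pass the same value you compare against.

```python
"""Guarding a login-flow ``next`` parameter against open redirects (Python 3, stdlib only).

Hypothetical helper for illustration; the Kuiper project's own code is not reproduced here.
"""
from urllib.parse import urljoin, urlsplit


def is_safe_redirect_target(target, host):
    """Return True only if ``target`` keeps the user on ``host``.

    Accepted: a local path ("/cases/42") or a full URL whose scheme is http/https
    and whose authority is exactly ``host``.  Rejected: other hosts,
    protocol-relative "//host", "javascript:" and similar schemes, userinfo
    tricks ("host@evil"), backslash variants and anything containing
    whitespace or control characters.
    """
    if not target:
        return False

    # A redirect target arrives percent-encoded; raw spaces, tabs, CR/LF or other
    # control bytes are never legitimate and are exactly what bypasses naive
    # parsers (browsers strip them, urlsplit only does so on newer Pythons).
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in target):
        return False

    # Browsers treat "\" like "/" in the scheme/authority part, so "/\evil.example"
    # is really "//evil.example".  Normalise before parsing so the parser sees what
    # the browser will.
    target = target.replace("\\", "/")

    # Resolve relative targets against our own origin, exactly as the browser would
    # resolve the Location header, then inspect the result.  "https://" is only a
    # placeholder scheme for resolution; the host comparison is what matters.
    base = "https://" + host + "/"
    resolved = urlsplit(urljoin(base, target))

    if resolved.scheme not in ("http", "https"):
        return False  # javascript:, data:, custom schemes, ...

    # netloc carries userinfo and port, so "kuiper.local@evil.example" and
    # "kuiper.local:8080" both fail an exact comparison.  Conservative on purpose.
    return resolved.netloc == host


def login_redirect_target(next_param, host, default="/"):
    """Pick where to send the user after login: ``next_param`` if safe, else ``default``.

    Never echo a rejected value; fall back to a fixed in-app location instead.
    """
    if is_safe_redirect_target(next_param, host):
        return next_param
    return default


if __name__ == "__main__":
    # Constructed sample values, the kind of thing an attacker puts in ?next=
    HOST = "kuiper.local"
    samples = [
        "/cases/42",
        "https://kuiper.local/dashboard",
        "//evil.example/phish",
        "/\\evil.example",
        "https://evil.example/",
        "https://kuiper.local@evil.example/",
        "https://kuiper.local.evil.example/",
        "javascript:alert(1)",
        " //evil.example",
    ]
    for s in samples:
        print("%-40r -> %s" % (s, login_redirect_target(s, HOST)))
```

The comparison is deliberately exact rather than a suffix or substring match: "kuiper.local.evil.example" and "kuiper.local@evil.example" both contain the expected host name, which is why host-name checks done with startswith() or "in" are a common way to get this wrong a second time.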