Open redirect to another domain after login with next query #9950

pellepelle3 · 2022-08-08T15:58:54Z

NetBox version

v3.2.7

Python version

3.9

Steps to Reproduce

On login the query string next can redirect to another domain with //www.google.com
/login/?next={path}
/login/?next=/home
/login/?next=//www.google.com

Expected Behavior

Only redirect to a Path of the current domain.
/login/?next=/home (success)
/login/?next=//www.google.com (should fail and redirect to home)

Observed Behavior

/login/?next=/home (success)
/login/?next=//www.google.com (success)

pellepelle3 added the type: bug A confirmed report of unexpected behavior in the application label Aug 8, 2022

pellepelle3 mentioned this issue Aug 8, 2022

Fixes #9950 Open redirect fix after login #9951

Closed

pellepelle3 changed the title ~~This~~ Open redirect to another domain after login with next query Aug 8, 2022

jeremystretch added the status: accepted This issue has been accepted for implementation label Aug 8, 2022

jeremystretch self-assigned this Aug 8, 2022

jeremystretch closed this as completed in caca074 Aug 8, 2022

jeremystretch mentioned this issue Aug 8, 2022

Release v3.2.8 #9955

Merged

github-actions bot locked as resolved and limited conversation to collaborators Nov 7, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Open redirect to another domain after login with next query #9950

Open redirect to another domain after login with next query #9950

pellepelle3 commented Aug 8, 2022

Open redirect to another domain after login with next query #9950

Open redirect to another domain after login with next query #9950

Comments

pellepelle3 commented Aug 8, 2022

NetBox version

Python version

Steps to Reproduce

Expected Behavior

Observed Behavior