Skip to content

URL Redirection to Untrusted Site ('Open Redirect') in open-forms

High
sergei-maertens published GHSA-c97h-m5qf-j8mf Jun 13, 2022

Package

open-forms (open-formulieren)

Affected versions

< 1.0.9, < 1.1.1

Patched versions

1.0.9, 1.1.1

Description

Impact

The cookie consent page in Open Forms contains an open redirect by injecting a referer querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website.

Patches

Patches will be provided in the master branch and the upcoming releases for supported versions: 1.0.9 and 1.1.1.

Workarounds

There is no workaround available.

For more information

If you have any questions or comments about this advisory:

Severity

High
7.1
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

CVE ID

CVE-2022-31040

Weaknesses