Open Redirect in ikus060/rdiffweb

Valid

Reported on

Nov 29th 2021

Description

ikus060/rdiffweb is vulnerable to open redirect at login page.

https://rdiffweb-demo.ikus-soft.com/login/?redirect=https://attacker.com

after login to the above url it redirect to attacker .com

This vulnerability is capable of redirecting to malicious website

We are processing your report and will contact the ikus060/rdiffweb team within 24 hours. 2 years ago

We have contacted a member of the ikus060/rdiffweb team and are waiting to hear back 2 years ago

Patrik Dufresne validated this vulnerability 2 years ago

Asura-N has been awarded the disclosure bounty

The fix bounty is now up for grabs

commented 2 years ago

Maintainer

@Asura-N

Changes are merged into master branches

commented 2 years ago

Researcher

@Patrik Dufresne

Issue fixed.

Patrik Dufresne marked this as fixed in 2.3.7 with commit 42455b a year ago

This vulnerability will not receive a CVE

to join this conversation

We are processing your report and will contact the ikus060/rdiffweb team within 24 hours. 2 years ago

We have contacted a member of the ikus060/rdiffweb team and are waiting to hear back 2 years ago

Patrik Dufresne validated this vulnerability 2 years ago

Asura-N has been awarded the disclosure bounty

The fix bounty is now up for grabs

commented 2 years ago

Maintainer

@Asura-N

Changes are merged into master branches

commented 2 years ago

Researcher

@Patrik Dufresne

Issue fixed.

Patrik Dufresne marked this as fixed in 2.3.7 with commit 42455b a year ago

This vulnerability will not receive a CVE

to join this conversation