assign CVE ID for open redirect fixed in 1.50.0 #45
Assignees
Labels
security
Affects security
Comments
|
It would be good if a CVE number was assigned |
|
Hello @JLLeitschuh Mea culpa - Sorry for the delay. I promised to get a CVE and also give you credit. Hopefully next week will be less crazy and will get the CVE and update this issue. Thanks |
|
Hello @zmanion and @JLLeitschuh Reserved and published this with CVE-2022-25799 with credit to @JLLeitschuh Thanks |
|
Thanks @sei-vsarvepalli @JLLeitschuh and @attritionorg. #dogfood! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@JLLeitschuh (with help from CodeQL) reported this open redirect, which was fixed in 1.50.0:
https://www.kb.cert.org/vince/comm/login/?next=https%3A%2F%2Fexample.com
VINCE/cogauth/views.py
Line 768 in b986a86
b986a86
While not a serious issue:
https://bughunters.google.com/learn/invalid-reports/web-platform/navigation/6680364896223232/open-redirectors
...it could be considered CVE-worthy and handled as such. I'd be happy to write it up if that helps.
The text was updated successfully, but these errors were encountered: