Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DiracX-Web login page has Open Redirect vulnerability
Vulnerability Description
DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a `redirect` field which is the location where the server will redirect the user. This URI is not verified, and can be an arbitrary URI. Paired with a parameter pollution, an attacker can hide their malicious URI. This could be used for phishing, and extract new data (such as redirecting to a new "log in" page, and asking another time credentials). Version 0.1.0-a8 fixes this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
DiracX-Web 输入验证错误漏洞
Vulnerability Description
DiracX-Web是DIRAC Project开源的一个DiracX的用户界面。 DiracX-Web 0.1.0-a8之前版本存在输入验证错误漏洞,该漏洞源于重定向字段未验证,可能导致钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A