Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-26T05:47:00

Updated: 2024-08-05T15:56:36.399Z

Reserved: 2017-03-26T00:00:00

Link: CVE-2017-7266

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-03-26T05:59:00.273

Modified: 2024-11-21T03:31:30.403

Link: CVE-2017-7266

cve-icon Redhat

No data.