A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 17 Oct 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 |
Thu, 17 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. |
Weaknesses | CWE-1287 |
MITRE
Status: PUBLISHED
Assigner: Zscaler
Published: 2023-06-22T19:06:24.943Z
Updated: 2024-12-05T17:43:58.739Z
Reserved: 2023-03-23T18:29:15.802Z
Link: CVE-2023-28799
Vulnrichment
Updated: 2024-08-02T13:51:38.885Z
NVD
Status : Modified
Published: 2023-06-22T20:15:09.283
Modified: 2024-11-21T07:56:02.213
Link: CVE-2023-28799
Redhat
No data.