5.1 MEDIUM
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): Active (A)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): Low (L)
- Subsequent System Impact Integrity (SI): Low (L)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Active (A)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Low (L)
- Modified Subsequent System Impact Integrity (MSI): Low (L)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
CakePHP: Open redirect weakness via backslash bypass
CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the redirect query string parameter. This issue is fixed in versions 2.11.1, 3.3.6, and 4.1.1.
References
-
https://github.com/cakephp/authentication/pull/795 x_refsource_MISC
-
https://github.com/cakephp/authentication/pull/796 x_refsource_MISC
-
https://github.com/cakephp/authentication/pull/799 x_refsource_MISC
-
https://github.com/cakephp/authentication/releases/tag/2.11.1 x_refsource_MISC
-
https://github.com/cakephp/authentication/releases/tag/3.3.6 x_refsource_MISC
-
https://github.com/cakephp/authentication/releases/tag/4.1.1 x_refsource_MISC
Affected products
- ==< 2.11.1
- ==>= 4.0.0, < 4.1.1
- ==>= 3.0.0, < 3.3.6
Matching in nixpkgs
pkgs.matrix-authentication-service
OAuth2.0 + OpenID Provider for Matrix Homeservers
pkgs.perlPackages.MailAuthenticationResults
Object Oriented Authentication-Results Headers
-
nixos-unstable 2.20230112
- nixpkgs-unstable 2.20230112
- nixos-unstable-small 2.20230112
-
nixos-26.05 2.20230112
- nixos-26.05-small 2.20230112
- nixpkgs-26.05-darwin 2.20230112
pkgs.perl5Packages.MailAuthenticationResults
Object Oriented Authentication-Results Headers
-
nixos-unstable 2.20230112
- nixpkgs-unstable 2.20230112
- nixos-unstable-small 2.20230112
-
nixos-26.05 2.20230112
- nixos-26.05-small 2.20230112
- nixpkgs-26.05-darwin 2.20230112
pkgs.perlPackages.CatalystPluginAuthentication
Infrastructure plugin for the Catalyst authentication framework
pkgs.perl5Packages.CatalystPluginAuthentication
Infrastructure plugin for the Catalyst authentication framework
pkgs.perlPackages.CatalystAuthenticationStoreLDAP
Authenticate Users against LDAP Directories
pkgs.perl5Packages.CatalystAuthenticationStoreLDAP
Authenticate Users against LDAP Directories
pkgs.perlPackages.CatalystAuthenticationStoreHtpasswd
Authen::Htpasswd based user storage/authentication
pkgs.perl5Packages.CatalystAuthenticationStoreHtpasswd
Authen::Htpasswd based user storage/authentication
pkgs.perlPackages.CatalystAuthenticationCredentialHTTP
HTTP Basic and Digest authentication for Catalyst
pkgs.perlPackages.CatalystAuthenticationStoreDBIxClass
Extensible and flexible object <-> relational mapper
pkgs.perl5Packages.CatalystAuthenticationCredentialHTTP
HTTP Basic and Digest authentication for Catalyst
pkgs.perl5Packages.CatalystAuthenticationStoreDBIxClass
Extensible and flexible object <-> relational mapper
pkgs.python313Packages.microsoft-kiota-authentication-azure
Kiota Azure authentication provider
Package maintainers
-
@teutat3s teutat3s <teutates@mailbox.org>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>