Bug #36644

closed

Open Redirect weakness in links_controller.rb

Added by Evgeni Golov over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2228860

An open redirect weakness was found in Foreman's links_controller.rb. When using the root_url parameter, it is possible to redirect the user to an attacker controlled URL.

On a Foreman/Katello box, this can be triggered as simply as
https://foreman.example.com/links/manual?root_url=https://3w.tf

You can also use the plugin doc handler:
https://foreman.example.com/links/plugin_manual/?root_url=https://3w.tf&name=/
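The weakness described above is the classic open-redirect pattern: a caller-supplied base URL is used to build a redirect target without checking where it points. The Ruby below is an added illustration for this issue, not Foreman's `links_controller.rb` and not the change made in the linked pull request. It contrasts the unchecked concatenation with a hardened variant that only honours `root_url` when it is an http(s) URL whose host is on an allowlist, and that re-checks the final host after joining, because the path segment (the plugin handler's `name` parameter) can also be caller-supplied. The hostnames and default documentation root are constructed for the example.

```ruby
require 'uri'

# Constructed values for this example, not Foreman's configuration.
DEFAULT_ROOT_URL  = 'https://docs.example.com/'.freeze
ALLOWED_DOC_HOSTS = %w[docs.example.com docs.example.org].freeze

# Vulnerable pattern (the weakness in the report): the caller-supplied root_url
# is concatenated into the redirect target with no validation, so an absolute
# URL to a foreign host is followed as-is.
def unsafe_redirect_target(root_url, path)
  "#{root_url}#{path}"
end

# Accept root_url only if it parses as http(s), carries no userinfo (which
# would let "https://docs.example.com@other.host/" pass a naive prefix check),
# and names an allowlisted host. Anything else yields nil.
def validated_root(root_url, allowed_hosts)
  return nil if root_url.nil? || root_url.strip.empty?

  uri = URI.parse(root_url)
  return nil unless uri.is_a?(URI::HTTP)   # rejects javascript:, data:, scheme-relative //host
  return nil unless uri.userinfo.nil?
  return nil unless allowed_hosts.include?(uri.host.to_s.downcase)

  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Hardened redirect target: fall back to the default documentation root when
# root_url is rejected, then verify the host of the *joined* URL as well, since
# a path such as "//other.host/" replaces the authority during URI.join.
def safe_redirect_target(root_url, path,
                         allowed_hosts: ALLOWED_DOC_HOSTS,
                         default: DEFAULT_ROOT_URL)
  base   = validated_root(root_url, allowed_hosts) || default
  target = URI.join(base, path.to_s)
  return default unless allowed_hosts.include?(target.host.to_s.downcase)

  target.to_s
rescue URI::InvalidURIError
  default
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs mirroring the report's shape: a foreign root_url and a
  # path-only request.
  puts unsafe_redirect_target('https://attacker.example', '/manual')
  puts safe_redirect_target('https://attacker.example', 'manual')
  puts safe_redirect_target('https://docs.example.org/v3/', 'manual')
end
```

The allowlist check on the parsed host, rather than a string prefix or regex on the raw parameter, is what closes the common bypasses (userinfo, scheme-relative URLs, non-http schemes, and host substitution via the joined path). A deployment that legitimately needs a configurable documentation root would populate the allowlist from its settings instead of from the request.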

Actions #1

Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Assignee set to Evgeni Golov
  • Pull request https://github.com/theforeman/foreman/pull/9795 added
Actions #2

Updated by The Foreman Bot over 1 year ago

  • Fixed in Releases 3.8.0 added
Actions #3

Updated by Evgeni Golov over 1 year ago

  • Status changed from Ready For Testing to Closed
Actions #4

Updated by Griffin Sullivan over 1 year ago

  • Subject changed from Foreman: Open Redirect weakness in links_controller.rb to Foreman: Open Redirect weakness in links_controller.rb
Actions #5

Updated by Ewoud Kohl van Wijngaarden over 1 year ago

  • Subject changed from Foreman: Open Redirect weakness in links_controller.rb to Open Redirect weakness in links_controller.rb
  • Category set to Security
  • Triaged changed from No to Yes