Bug #36644: Open Redirect weakness in links_controller.rb - Foreman

Actions

Copy link

Bug #36644

closed

Open Redirect weakness in links_controller.rb

Added by Evgeni Golov over 1 year ago. Updated over 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Evgeni Golov

Category:

Security

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

2228860

Pull request:

https://github.com/theforeman/foreman/pull/9795

Fixed in Releases:

3.8.0

Found in Releases:

Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2228860

An open redirect weakness was found in Foreman's links_controller.rb. When using the root_url parameter, it is possible to redirect the user to an attacker controlled URL.

On a Foreman/Katello box, this can be triggered as simply as
https://foreman.example.com/links/manual?root_url=https://3w.tf

You can also use the plugin doc handler:
https://foreman.example.com/links/plugin_manual/?root_url=https://3w.tf&name=/

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #36644

Open Redirect weakness in links_controller.rb

Updated by The Foreman Bot over 1 year ago

Updated by The Foreman Bot over 1 year ago

Updated by Evgeni Golov over 1 year ago

Updated by Griffin Sullivan over 1 year ago

Updated by Ewoud Kohl van Wijngaarden over 1 year ago