Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/Apr/57 | Mailing List Third Party Advisory |
http://www.securitytracker.com/id/1040767 | Third Party Advisory VDB Entry |
https://ethan.pm/blackboard.txt | Third Party Advisory |
http://seclists.org/fulldisclosure/2018/Apr/57 | Mailing List Third Party Advisory |
http://www.securitytracker.com/id/1040767 | Third Party Advisory VDB Entry |
https://ethan.pm/blackboard.txt | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:19
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2018/Apr/57 - Mailing List, Third Party Advisory | |
References | () http://www.securitytracker.com/id/1040767 - Third Party Advisory, VDB Entry | |
References | () https://ethan.pm/blackboard.txt - Third Party Advisory |
Information
Published : 2018-04-30 13:29
Updated : 2024-11-21 03:19
NVD link : CVE-2017-18262
Mitre link : CVE-2017-18262
CVE.ORG link : CVE-2017-18262
JSON object : View
Products Affected
blackboard
- blackboard_learn