CVE-2024-24764

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.
Configurations

Configuration 1 (hide)

cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*

History

19 Sep 2024, 16:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.5
v2 : unknown
v3 : 4.8
Summary
  • (es) October es una plataforma CMS autohospedada basada en Laravel PHP Framework. Este problema afecta a los administradores autenticados que pueden ser redirigidos a una URL que no es de confianza mediante el esquema de PageFinder. El solucionador del esquema de enlace del buscador de páginas (`october://`) permitía enlaces externos, por lo que permitía una redirección abierta fuera del alcance del host activo. Esta vulnerabilidad ha sido parcheada en la versión 3.5.15.
First Time Octobercms october
Octobercms
CPE cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*
References () https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5 - () https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5 - Third Party Advisory

26 Jun 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-26 01:15

Updated : 2024-09-19 16:57


NVD link : CVE-2024-24764

Mitre link : CVE-2024-24764

CVE.ORG link : CVE-2024-24764


JSON object : View

Products Affected

octobercms

  • october
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')