October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.
References
Link | Resource |
---|---|
https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5 | Third Party Advisory |
Configurations
History
19 Sep 2024, 16:57
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
Summary |
|
|
First Time |
Octobercms october
Octobercms |
|
CPE | cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:* | |
References | () https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5 - Third Party Advisory |
26 Jun 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-26 01:15
Updated : 2024-09-19 16:57
NVD link : CVE-2024-24764
Mitre link : CVE-2024-24764
CVE.ORG link : CVE-2024-24764
JSON object : View
Products Affected
octobercms
- october
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')