CVE-2024-7312

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*

History

13 Sep 2024, 16:27

Type Values Removed Values Added
References () https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html - () https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html - Release Notes
References () https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html - () https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html - Release Notes
First Time Payara
Payara payara
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
Summary
  • (es) Vulnerabilidad de redirección de URL a un sitio no confiable ('Redirección abierta') en Payara Platform Payara Server (módulos de interfaz de administración REST) permite el secuestro de sesión. Este problema afecta a Payara Server: desde 6.0.0 antes de 6.18.0, desde 6.2022.1 antes de 6.2024.9, desde 5.2020.2 antes de 5.2022.5, desde 5.20.0 antes de 5.67.0, desde 4.1.2.191.0 antes de 4.1.2.191.50.
CPE cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*

11 Sep 2024, 20:15

Type Values Removed Values Added
References
  • {'url': 'https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.67.0.html', 'source': '769c9ae7-73c3-4e47-ae19-903170fc3eb8'}
  • () https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html -

11 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-11 16:15

Updated : 2024-09-13 16:27


NVD link : CVE-2024-7312

Mitre link : CVE-2024-7312

CVE.ORG link : CVE-2024-7312


JSON object : View

Products Affected

payara

  • payara
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')