CVE-2024-7312

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*

History

13 Sep 2024, 16:27

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de redirección de URL a un sitio no confiable ('Redirección abierta') en Payara Platform Payara Server (módulos de interfaz de administración REST) permite el secuestro de sesión. Este problema afecta a Payara Server: desde 6.0.0 antes de 6.18.0, desde 6.2022.1 antes de 6.2024.9, desde 5.2020.2 antes de 5.2022.5, desde 5.20.0 antes de 5.67.0, desde 4.1.2.191.0 antes de 4.1.2.191.50.
First Time Payara
Payara payara
CPE cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References () https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html - () https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html - Release Notes
References () https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html - () https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html - Release Notes

11 Sep 2024, 20:15

Type Values Removed Values Added
References
  • {'url': 'https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.67.0.html', 'source': '769c9ae7-73c3-4e47-ae19-903170fc3eb8'}
  • () https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html -

11 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-11 16:15

Updated : 2024-09-13 16:27


NVD link : CVE-2024-7312

Mitre link : CVE-2024-7312

CVE.ORG link : CVE-2024-7312


JSON object : View

Products Affected

payara

  • payara
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')