CVE-2024-8412

A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxos:shakal-ng:*:*:*:*:*:*:*:*

History

12 Sep 2024, 16:47

Type Values Removed Values Added
References () https://github.com/LinuxOSsk/Shakal-NG/commit/ebd1c2cba59cbac198bf2fd5a10565994d4f02cb - () https://github.com/LinuxOSsk/Shakal-NG/commit/ebd1c2cba59cbac198bf2fd5a10565994d4f02cb - Patch
References () https://github.com/LinuxOSsk/Shakal-NG/issues/202 - () https://github.com/LinuxOSsk/Shakal-NG/issues/202 - Exploit, Issue Tracking
References () https://github.com/LinuxOSsk/Shakal-NG/issues/202#issuecomment-2325187434 - () https://github.com/LinuxOSsk/Shakal-NG/issues/202#issuecomment-2325187434 - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.276492 - () https://vuldb.com/?ctiid.276492 - Permissions Required
References () https://vuldb.com/?id.276492 - () https://vuldb.com/?id.276492 - Third Party Advisory
References () https://vuldb.com/?submit.400792 - () https://vuldb.com/?submit.400792 - Third Party Advisory
CPE cpe:2.3:a:linuxos:shakal-ng:*:*:*:*:*:*:*:*
First Time Linuxos
Linuxos shakal-ng
CVSS v2 : 4.0
v3 : 4.3
v2 : 4.0
v3 : 6.1

05 Sep 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en LinuxOSsk Shakal-NG hasta la versión 1.3.3. Se ve afectada una función desconocida del archivo comments/views.py. La manipulación del argumento next provoca una redirección abierta. Es posible lanzar el ataque de forma remota. El nombre del parche es ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. Se recomienda aplicar un parche para solucionar este problema.

04 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 16:15

Updated : 2024-09-12 16:47


NVD link : CVE-2024-8412

Mitre link : CVE-2024-8412

CVE.ORG link : CVE-2024-8412


JSON object : View

Products Affected

linuxos

  • shakal-ng
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')