CVE Vulnerability
CVE-2018-15178
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial / substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
References
| Link | Resource |
|---|---|
| https://github.com/gogs/gogs/pull/5365 | Third Party Advisory |
| https://github.com/gogs/gogs/issues/5364 | Exploit Third Party Advisory |
Configurations
Configuration 1
|
Information
Published : 2018-08-08 12:29
Updated : 2018-10-05 01:18
NVD link : CVE-2018-15178
Mitre link : CVE-2018-15178
Products Affected
No products.
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')