CVE-2024-24764

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-26 01:15

Updated : 2024-06-26 12:44

NVD link : CVE-2024-24764

Mitre link : CVE-2024-24764

CVE.ORG link : CVE-2024-24764

JSON object : View

Products Affected

No product.

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

3.5 /10