CVE-2024-7211 – The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.

https://notcve.org/view.php?id=CVE-2024-7211

The Identity Server used by 1E Platform could enable URL redirection to untrusted sites. Note: The Identity Server on 1E Platform has been updated with the necessary patch. The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix. • https://www.1e.com/trust-security-compliance/cve-info •