1 results (0.001 seconds)
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49104
https://notcve.org/view.php?id=CVE-2023-49104
21 Nov 2023 — An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. Se descubrió un problema en ownCloud owncloud/oauth2 anterior a 0.6.1, cuando Permitir subdominios está habilitado. Un atacante puede pasar una URL de redireccionamiento manipulada que omite la validación y, en consecuencia,... • https://owncloud.com/security-advisories/subdomain-validation-bypass • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •