
CVE-2021-3639

mod_auth_mellon: Open Redirect vulnerability in logout URLs

  • Severity Score: 6.1 (CVSS v3.1)
  • Exploit Likelihood (EPSS): -
  • Affected Versions (CPE): -
  • Public Exploits: 0 (multiple sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -
Descriptions

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this vulnerability is to confidentiality and integrity.

A flaw was found in mod_auth_mellon that does not correctly sanitize logout URLs. This problem could be used by an attacker to facilitate phishing attacks by tricking users into visiting the URL of a trusted web application that redirects to an external and potentially malicious server. The greatest threat from this vulnerability is to confidentiality and integrity.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-07-09 CVE Reserved
  • 2021-09-09 CVE Published
  • 2024-03-14 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
Affected Vendors, Products, and Versions
Vendor   | Product         | Version  | Other | Status
Uninett  | Mod Auth Mellon | < 0.18.0 | -     | Affected