CVE-2024-24764
October Open Redirect for Administrator Accounts
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.
October es una plataforma CMS autohospedada basada en Laravel PHP Framework. Este problema afecta a los administradores autenticados que pueden ser redirigidos a una URL que no es de confianza mediante el esquema de PageFinder. El solucionador del esquema de enlace del buscador de páginas (`october://`) permitía enlaces externos, por lo que permitía una redirección abierta fuera del alcance del host activo. Esta vulnerabilidad ha sido parcheada en la versión 3.5.15.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-29 CVE Reserved
- 2024-06-26 CVE Published
- 2024-08-01 CVE Updated
- 2024-09-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Octobercms Search vendor "Octobercms" | October Search vendor "Octobercms" for product "October" | >= 3.2.0 < 3.5.15 Search vendor "Octobercms" for product "October" and version " >= 3.2.0 < 3.5.15" | en |
Affected
|