CVE-2018-11041

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-11041
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11041.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-11041
Published
2018-06-25T15:29:00Z
Modified
2025-01-14T07:21:08.124401Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.

Affected packages

Git / github.com/cloudfoundry/uaa

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.1
1.0.2
1.0.3
1.1
1.1.1
1.1.2
1.10
1.11
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.2.4
2.2.4.1
2.2.5
2.2.6
2.3.0
2.3.1
2.3.1.1
2.4.0
2.4.1
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.7.0
2.7.0.1
2.7.0.2
2.7.0.3
2.7.1
2.7.2
2.7.3

3.*

3.0.0
3.0.1
3.1.0
3.10.0
3.11.0
3.12.0
3.13.0
3.14.0
3.15.0
3.16.0
3.2.0
3.2.1
3.3.0
3.3.0.1
3.4.0
3.4.1
3.4.2
3.5.0
3.6.0
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.8.0
3.9.0
3.9.1
3.9.2
3.9.3

4.*

4.0.0
4.1.0
4.2.0
4.3.0
4.4.0
4.5.0
4.6.0
4.6.1
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4

Other

ci-upgrade
lenient_hybrid_flow
travis-success-1475
travis-success-1478
travis-success-1497
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v3
v30
v31
v33
v39
v4
v40
v41
v43
v44
v45
v5
v50
v51
v52
v6
v7
v8
v9

v11.*

v11.1
v11.2
v11.3

v12.*

v12.1
v12.2
v12.3

v30.*

v30.1

v52.*

v52.1
v52.2
v52.4
v52.5
v52.6
v52.7
v52.8