GHSA-4hr2-xf7w-jf76
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4hr2-xf7w-jf76
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-4hr2-xf7w-jf76/GHSA-4hr2-xf7w-jf76.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4hr2-xf7w-jf76
- Aliases
- Published
- 2025-12-04T16:57:17Z
- Modified
- 2025-12-05T12:42:56.812589Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Central Dogma's Login Function Has an Open Redirect Vulnerability
- Details
-
Impact
Successful exploitation of this vulnerability could allow an attacker to craft a malicious link that, when clicked by a victim, redirects them to a phishing website designed to mimic the legitimate Central Dogma login page. This could result in the compromise of user accounts and unauthorized access to the Central Dogma instance.
Patches
This vulnerability is addressed and resolved in Central Dogma version 0.78.0. The server operators who run Central Dogma server with Shiro authentication are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the open redirect vulnerability.
Workarounds
Implement
AuthProviderto overrideswebLoginService().References
- https://cwe.mitre.org/data/definitions/601.html
- Database specific
{ "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-601" ], "github_reviewed_at": "2025-12-04T16:57:17Z", "nvd_published_at": "2025-12-04T13:15:46Z" }- References
Affected packages
Maven / com.linecorp.centraldogma:centraldogma-server-auth-shiro
Package
- Name
- com.linecorp.centraldogma:centraldogma-server-auth-shiro
- View open source insights on deps.dev
- Purl
- pkg:maven/com.linecorp.centraldogma/centraldogma-server-auth-shiro
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.78.0
Affected versions
0.*
0.33.0
0.34.0
0.35.0
0.35.1
0.36.0
0.37.0
0.38.0
0.39.0
0.39.1
0.39.2
0.40.0
0.40.1
0.41.0
0.41.1
0.41.2
0.41.3
0.41.4
0.42.0
0.43.0
0.43.1
0.43.2
0.43.3
0.43.4
0.44.0
0.44.1
0.44.2
0.44.3
0.44.4
0.44.5
0.44.6
0.44.7
0.44.8
0.44.9
0.44.10
0.44.11
0.44.12
0.44.13
0.44.14
0.45.0
0.45.1
0.46.0
0.46.1
0.47.0
0.47.1
0.48.0
0.49.0
0.49.1
0.50.0
0.51.0
0.51.1
0.52.0
0.52.1
0.52.2
0.52.3
0.52.4
0.52.5
0.52.6
0.53.0
0.53.1
0.54.0
0.55.0
0.55.1
0.55.2
0.56.0
0.56.1
0.56.2
0.57.0
0.57.1
0.57.2
0.57.3
0.58.0
0.58.1
0.59.0
0.60.0
0.60.1
0.61.0
0.61.1
0.61.2
0.61.3
0.61.4
0.61.5
0.62.0
0.62.1
0.63.0
0.63.1
0.63.2
0.63.3
0.64.0
0.64.1
0.64.2
0.64.3
0.65.0
0.65.1
0.66.0
0.66.1
0.67.0
0.67.1
0.67.2
0.67.3
0.68.0
0.69.0
0.69.1
0.70.0
0.71.0
0.72.0
0.73.0
0.73.1
0.74.0
0.75.0
0.75.1
0.76.0
0.77.0
0.77.1
0.77.2
0.77.3
0.77.4