Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-53995

Jan. 8, 2025, 9:15 p.m.

Tags

security-advisories@github.com
CWE-601
2025-01-08
CVE-2024-53995

Product(s) Impacted

SickChill

  • before c7128a8946c3701df95c285810eb75b2de18bf82

Description

SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.

Weaknesses

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

CWE ID: 601

Date

Published: Jan. 8, 2025, 9:15 p.m.

Last Modified: Jan. 8, 2025, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com
https://github.com/ security-advisories@github.com
https://github.com/ security-advisories@github.com
https://securitylab.github.com/ security-advisories@github.com