GHSA-qm5v-pj64-852j: Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
A user could create and share a resource with a malicious URI. When the victim opens with menu “Open URI in a new tab” function, the malicious page has access to the window.opener object.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/passbolt/passbolt_api/2019-08-07-3.yaml
- github.com/advisories/GHSA-qm5v-pj64-852j
- github.com/passbolt/passbolt_api
- github.com/passbolt/passbolt_api/commit/f568e113beb3134446eda9e66400d28d726ee20d
- www.passbolt.com/incidents/20190807_multiple_vulnerabilities
Detect and mitigate GHSA-qm5v-pj64-852j with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →