CVE-2020-12283: URL Redirection to Untrusted Site ('Open Redirect')
Sourcegraph before 3.15.1 has an open redirect in its authentication workflow: the SafeRedirectURL method in cmd/frontend/auth/redirect.go, which is meant to restrict post-login redirects to local paths, validates its input improperly, so a value containing a substring such as //foo//example.com passes the check and the user is redirected to an external site.
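The following Go program is an added illustration, not Sourcegraph's code from the commit or advisory linked below. naiveSafeRedirectURL is a hypothetical reconstruction of the flawed pattern the advisory describes (parse, require a leading "/", then rebuild from Path and RawQuery), and hardenedSafeRedirectURL is the check a reviewer would expect instead; both names and the sample inputs are assumptions made here.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveSafeRedirectURL is a hypothetical reconstruction of the flawed
// pattern behind the advisory (not Sourcegraph's code): parse the input,
// require a path starting with "/", then rebuild a URL from Path and
// RawQuery only, on the assumption that dropping Scheme and Host always
// leaves a local path.
func naiveSafeRedirectURL(urlStr string) string {
	u, err := url.Parse(urlStr)
	if err != nil || !strings.HasPrefix(u.Path, "/") {
		return "/"
	}
	// For "//foo//example.com", net/url consumes "foo" as the authority and
	// leaves Path = "//example.com". The prefix check passes, and the rebuilt
	// URL serialises as "//example.com": a protocol-relative URL that a
	// browser on an HTTPS page resolves to https://example.com/.
	u = &url.URL{Path: u.Path, RawQuery: u.RawQuery}
	return u.String()
}

// hardenedSafeRedirectURL returns "/" for anything that is not a
// single-slash, same-origin path.
func hardenedSafeRedirectURL(urlStr string) string {
	u, err := url.Parse(urlStr)
	if err != nil {
		return "/"
	}
	// Anything the parser recognised as a scheme, authority, userinfo or
	// opaque part is by definition not a local path, so refuse it outright
	// instead of silently stripping it.
	if u.Scheme != "" || u.Opaque != "" || u.Host != "" || u.User != nil {
		return "/"
	}
	p := u.Path
	// Exactly one leading slash. "//host" is protocol-relative, and browsers
	// following the WHATWG URL parser also collapse "///host" and "/\host"
	// onto an authority, so reject any leading slash-or-backslash pair.
	if len(p) < 1 || p[0] != '/' {
		return "/"
	}
	if len(p) >= 2 && (p[1] == '/' || p[1] == '\\') {
		return "/"
	}
	out := (&url.URL{Path: p, RawQuery: u.RawQuery}).String()
	// Belt and braces: the serialised form must still be a local path.
	if !strings.HasPrefix(out, "/") || strings.HasPrefix(out, "//") {
		return "/"
	}
	return out
}

func main() {
	// Constructed inputs: one benign return-to value and the shapes an
	// attacker would try against a redirect parameter.
	for _, in := range []string{
		"/search?q=foo",
		"//foo//example.com",
		"///example.com",
		"/\\example.com",
		"https://example.com/",
	} {
		fmt.Printf("%-24q naive=%-20q hardened=%q\n",
			in, naiveSafeRedirectURL(in), hardenedSafeRedirectURL(in))
	}
}
```

The point of the hardened version is to decide on what the parser actually found (a host, a scheme, a second leading slash) rather than on what survives after stripping fields, and then to re-check the serialised output, since the Go parser's idea of a path and the browser's idea of an authority disagree exactly on inputs like these.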
References
- github.com/advisories/GHSA-mx43-r985-5h4m
- github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md
- github.com/sourcegraph/sourcegraph/commit/c0f48172e815c7f66471a38f0a06d1fc32a77a64
- github.com/sourcegraph/sourcegraph/compare/v3.15.0...v3.15.1
- github.com/sourcegraph/sourcegraph/pull/10167
- github.com/sourcegraph/sourcegraph/security/advisories/GHSA-mx43-r985-5h4m
- nvd.nist.gov/vuln/detail/CVE-2020-12283
- securitylab.github.com/advisories/GHSL-2020-085-sourcegraph
Detect and mitigate CVE-2020-12283 with GitLab Dependency Scanning