CVE-2023-41080: URL Redirection to Untrusted Site ('Open Redirect')

August 25, 2023 (updated November 3, 2023)

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.

References

lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
nvd.nist.gov/vuln/detail/CVE-2023-41080

Detect and mitigate CVE-2023-41080 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →