Open Redirect Vulnerability in Netflix Security Monkey
CVE-2017-7266

6.1 MEDIUM

Key Information:

Vendor

Netflix

CVE Published:
26 March 2017

What is CVE-2017-7266?

Netflix Security Monkey versions prior to 0.8.0 contain an Open Redirect vulnerability. It arises from how the logout functionality processes the 'next' parameter: the value can redirect users to unauthorized external domains regardless of the Host header. Attackers could exploit this to lure users to phishing sites or other malicious environments, putting user data and application integrity at risk.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
