Open Redirect Vulnerability in Apereo CAS 6.6
CVE-2024-11207

Key Information:

Vendor

Apereo

CVE Published:
14 November 2024

What is CVE-2024-11207?

An open redirect vulnerability exists in the login functionality of Apereo CAS 6.6. An attacker can manipulate the 'redirect_uri' parameter so that users are sent to an attacker-chosen site after they authenticate. The vulnerability is exploitable remotely and poses a significant risk, because users who have just completed a legitimate login may be redirected to an unsafe destination without noticing. Although the vendor was notified early about this issue, it has not publicly addressed or patched the vulnerability, which increases concern over the security of the application.
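The usual mitigation for this class of bug is to accept a post-login redirect target only when it exactly matches a registered service, never when it merely starts with or contains an allowed host. The following validator is an added illustration written for this page; it is not Apereo CAS code, and the registered service URLs it checks against are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist of registered callback URLs (placeholder values,
# not taken from any real CAS deployment).
REGISTERED_SERVICES = {
    "https://app.example.org/login/callback",
    "https://portal.example.org/cas/return",
}

def is_safe_redirect_uri(redirect_uri: str) -> bool:
    """Return True only if redirect_uri matches a registered service exactly.

    Exact matching on scheme, host and path closes the common bypasses of
    prefix/substring checks: userinfo tricks (https://good@evil), scheme-
    relative URLs (//evil), mixed-case hosts, and path traversal segments.
    """
    if not isinstance(redirect_uri, str) or len(redirect_uri) > 2048:
        return False
    # Control characters and whitespace are rejected up front; urlsplit()
    # silently strips some of them, which would mask a crafted value.
    if any(ord(c) < 0x21 for c in redirect_uri):
        return False
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False
    if parts.scheme != "https" or not parts.netloc:
        return False
    # A callback URL never needs userinfo; "@" in the authority is a red flag.
    if "@" in parts.netloc:
        return False
    # Host is case-insensitive; path is compared verbatim so "/../" does not
    # match. Query and fragment are dropped rather than forwarded.
    canonical = f"{parts.scheme}://{parts.netloc.lower()}{parts.path or '/'}"
    return canonical in REGISTERED_SERVICES

def resolve_post_login_target(redirect_uri: str, default: str = "/") -> str:
    """Pick the page to send the user to after login.

    An unrecognised redirect_uri falls back to a fixed local default instead
    of being honoured, so a tampered parameter cannot leave the site.
    """
    if is_safe_redirect_uri(redirect_uri):
        return redirect_uri
    return default
```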

Timeline

  • Vulnerability published
