Open Redirect Vulnerability in Apereo CAS 6.6
CVE-2024-11207
What is CVE-2024-11207?
An open redirect vulnerability exists in the login functionality of Apereo CAS 6.6. The 'redirect_uri' parameter accepted by the login endpoint is not sufficiently validated, so an attacker can craft a login link that sends a user to an attacker-controlled site once authentication completes. Because the redirect is issued after a successful login on a trusted domain, the user has little reason to distrust the destination, which makes the flaw well suited to phishing and credential-theft campaigns. The vulnerability can be exploited remotely; the attacker needs no account of their own, only a victim who follows the crafted link. The vendor was notified early in the disclosure process but has not publicly responded to the report or released a patch. Until a fix is published, operators should treat 'redirect_uri' as untrusted input and constrain it to known, registered destinations.
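The check that is missing in the flaw described above, shown as an added example rather than code from Apereo CAS: the vulnerable pattern simply trusts the parameter, while the hardened version accepts only a local path or an https URL whose host is on an allowlist, and rejects the usual bypasses (protocol-relative '//host', 'trusted@evil' userinfo tricks, lookalike subdomains, backslashes, and non-https schemes). The allowed hosts and the redirect URIs in the test are constructed for this example; a real deployment would take the allowlist from its service registry.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist of registered service hosts (host[:port], lowercase).
ALLOWED_HOSTS = {"app.example.edu", "portal.example.edu"}
SAFE_DEFAULT = "/"


def vulnerable_redirect_target(redirect_uri: Optional[str]) -> str:
    """The open-redirect pattern: whatever the client supplied is used verbatim."""
    return redirect_uri or SAFE_DEFAULT


def safe_redirect_target(redirect_uri: Optional[str],
                         allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return redirect_uri only if it points at a local path or an allowlisted
    https host; otherwise fall back to SAFE_DEFAULT."""
    if not redirect_uri:
        return SAFE_DEFAULT

    # Backslashes and control characters are parsed differently by browsers
    # and by urlsplit; refuse them rather than guess how they will be read.
    if any(c == "\\" or ord(c) < 0x20 for c in redirect_uri):
        return SAFE_DEFAULT

    parts = urlsplit(redirect_uri)

    # Relative target: must be a single-slash local path. "//host/..." is a
    # protocol-relative URL that the browser would send to another host.
    if not parts.scheme and not parts.netloc:
        if redirect_uri.startswith("/") and not redirect_uri.startswith("//"):
            return redirect_uri
        return SAFE_DEFAULT

    # Absolute target: https only (blocks javascript:, data:, http:, and the
    # scheme-less "//host" form, whose scheme is empty).
    if parts.scheme.lower() != "https":
        return SAFE_DEFAULT

    # "https://app.example.edu@evil.example/" parses with the trusted name as
    # userinfo and evil.example as the host; never allow credentials in netloc.
    if parts.username is not None or parts.password is not None:
        return SAFE_DEFAULT

    # Exact match on host[:port]; this also rejects "app.example.edu.evil.example"
    # and trailing-dot variants, since neither string is in the allowlist.
    if parts.netloc.lower() not in allowed_hosts:
        return SAFE_DEFAULT

    return redirect_uri


if __name__ == "__main__":
    for uri in ["/dashboard", "https://app.example.edu/home?x=1",
                "//evil.example/", "https://app.example.edu@evil.example/",
                "https://app.example.edu.evil.example/", "javascript:alert(1)"]:
        print(f"{uri!r:48} vulnerable -> {vulnerable_redirect_target(uri)!r:40} "
              f"safe -> {safe_redirect_target(uri)!r}")
```

The validator deliberately compares the whole netloc rather than a suffix of the hostname: suffix matching is the classic mistake that lets 'app.example.edu.evil.example' through, and comparing the port as well prevents a redirect to an unexpected service on an allowlisted host.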
