Vulnerability in Eclipse GlassFish Could Lead to Redirect to Untrusted Sites
CVE-2024-8646
6.1 MEDIUM
What is CVE-2024-8646?
Affected versions of Eclipse GlassFish (prior to 7.0.10) contain a URL redirection vulnerability that allows attackers to redirect users to untrusted sites. The vulnerability is linked to an earlier issue in the Apache code used within GlassFish, and it specifically affects applications deployed to the root context ('/'). Developers and organizations running GlassFish should address this issue to protect against potential phishing attempts and unauthorized data access.
Affected Version(s)
Eclipse GlassFish 5.1.0 < 7.0.10