Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-7167

Open Redirect Vulnerabilities

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • None
    • 5.4.11
    • security
    • None

    Description

      In MAGNOLIA-5991 the option to do a GET login with additional parameters were removed to avoid malicious links.

      But there are valid use cases for redirects after logins and this was addressed in MAGNOLIA-6043 by introducing mglnReturnTo Parameter. The problem with this generic parameter is, that is allows any kind of malicious redirects and also invalidates MAGNOLIA-5991.

      Example Link: http://localhost:8080/konto?mgnlReturnTo=http%3A%2F%2Fexample.com%2Fnext

      More on the topic: https://www.trustwave.com/Resources/SpiderLabs-Blog/Understanding-and-Discovering-Open-Redirect-Vulnerabilities/

      A solution would be to keep the support for mglnReturnTo but maintain a white list of allowed urls and parameter names.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                Unassigned Unassigned
                pbaerfuss Philipp Bärfuss
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD