- Description
- Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.
- Source
- security-advisories@github.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 4.7
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-601
- Hype score
- Not currently trending
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5C4E508-EB5A-43B9-B11C-81977B5BA70D", "versionEndExcluding": "1.8.5" } ], "operator": "OR" } ] } ]