Overview
- Description
- The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
- Source
- security@1e.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-601
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:1e:platform:8.4.1.229:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85744E52-16DF-43C6-AD32-9F7900998AB7"
},
{
"criteria": "cpe:2.3:a:1e:platform:23.7.1.80:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4D00FCE-9011-45B2-9BA2-0E2115948E39"
},
{
"criteria": "cpe:2.3:a:1e:platform:23.11.1.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA3612F8-C90E-474B-8243-0543BCAAFE7C"
},
{
"criteria": "cpe:2.3:a:1e:platform:24.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68C25D73-241A-4143-AB09-516A54FD1C3A"
}
],
"operator": "OR"
}
]
}
]