CVE-2024-11207: Apereo CAS login redirect
First published: Thu Nov 14 2024(Updated: )
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apereo phpCAS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11207?
CVE-2024-11207 is classified as a problematic vulnerability with the potential for open redirect.
How do I fix CVE-2024-11207?
To fix CVE-2024-11207, ensure that the redirect_uri parameter is validated and sanitized to prevent unauthorized redirection.
Who is affected by CVE-2024-11207?
CVE-2024-11207 affects users of Apereo CAS version 6.6.
What type of attack is possible with CVE-2024-11207?
CVE-2024-11207 allows attackers to conduct open redirect attacks remotely.
What is the exploit mechanism for CVE-2024-11207?
The exploit mechanism for CVE-2024-11207 involves manipulating the redirect_uri argument in the /login functionality.
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apereo
- canonical/apereo phpcas