How severe is CVE-2024-53264?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-53264?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2024-53264 - MEDIUM Severity | CVSS N/A

Vulnerability Description

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated "next" parameter for redirects. Ex. visiting: `/loading?next=https://google.com` while authenticated will cause the page will redirect to google.com. This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites. This issue has been addressed in version 1.5.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2022-31657

CRITICAL

CVSS:9.8(Critical)

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

CWE-6012022

CVE-2024-22891

CRITICAL

CVSS:9.8(Critical)

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.

CWE-6012024

CVE-2022-40083

CRITICAL

CVSS:9.6(Critical)

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery ...

CWE-6012022

CVE-2022-41559

CRITICAL

CVSS:9.3(Critical)

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on t...

CWE-6012022

CVE-2017-8989

CRITICAL

CVSS:9.1(Critical)

A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.

CWE-6012017

CVE-2024-33661

CRITICAL

CVSS:9.1(Critical)

Portainer before 2.20.0 allows redirects when the target is not index.yaml.

CWE-6012024