CVE-2017-7266

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7266
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7266.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7266
Aliases
Published
2017-03-26T05:59:00Z
Modified
2025-01-08T10:13:33.714037Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Netflix Security Monkey before 0.8.0 has an open redirect. The logout functionality accepted the "next" parameter and then redirected to any domain, irrespective of the Host header.

References

Affected packages

Git / github.com/netflix/security_monkey

Affected ranges

Type
GIT
Repo
https://github.com/netflix/security_monkey
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.3.0

Other

0_1_2_test_1
0_2_0
S3ACLReturnedNoneDisplayName_exception_spelling
add_ELBSecurityPolicy-2015-05_issue_154
alembic_version_595e27f36454_fails_on_clean_db
cascade_account_deletes
configurable_api_server
connect_ses_exception_not_caught
documentation_fixes
exception_with_elbs_missing_PolicyDescriptions_section
issue_117_auditorsettings_never_created
issue_12_deleting_account_foreign_key_constraint
issue_156_configurable_threadcount
issue_329_watcher_exception
issue_331_ssl_watcher_fails_on_elliptic_curve
issue_42_elb_pagination_broke_elb_watcher
issue_52_iam_users_missing_pagination
issue_98_iamgroup_watcher_missing_boto_markers
managed_policies_python_scoping_issue_149
missing_ignorelist_alembic_script
quickstart_manage_amazon_accounts_fix
sns_name_overflow_issue_152
unenforced_field_limits_throw_exceptions
update_quickstart_documentation
upgrade_flask_security

lsv0.*

lsv0.3.4

upgrade_cryptography_1.*

upgrade_cryptography_1.3.1

v0.*

v0.3.4
v0.3.5
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.5.0
v0.6.0