CVE-2018-11041

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-11041
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11041.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-11041
Aliases
Published
2018-06-25T15:29:00.410Z
Modified
2026-03-12T22:47:22.475411Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.

References

Affected packages

Git / github.com/cloudfoundry/uaa

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
857c4931c44523984d08d7e83187e98a0aa5d13d
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d5dfe4b5e55b85fb7876850e70f0f5e0d41d1dff
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
78971006ec1bb7a4831d4ec64c8988883903dd95
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.7.5"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "4.10.1"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "4.19.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d3bf7051e59cde104ae90775d56bd7964ea4231c
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e4019aabfdf7dbc65d0f156e402c97936d1df283
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d68510790f3d4bfd409678013cd5a63e9ac1b1b3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "52.9"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "55.1"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "60"
        }
    ]
}

Affected versions

1.*
1.0.1
1.0.2
1.0.3
1.1
1.1.1
1.1.2
1.10
1.11
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.2.4
2.2.4.1
2.2.5
2.2.6
2.3.0
2.3.1
2.3.1.1
2.4.0
2.4.1
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.7.0
2.7.0.1
2.7.0.2
2.7.0.3
2.7.1
2.7.2
2.7.3
3.*
3.0.0
3.0.1
3.1.0
3.10.0
3.11.0
3.12.0
3.13.0
3.14.0
3.15.0
3.16.0
3.2.0
3.2.1
3.3.0
3.3.0.1
3.4.0
3.4.1
3.4.2
3.5.0
3.6.0
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.8.0
3.9.0
3.9.1
3.9.2
3.9.3
4.*
4.0.0
4.1.0
4.10.0
4.11.0
4.12.0
4.12.1
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.14.0
4.15.0
4.16.0
4.17.0
4.18.0
4.2.0
4.3.0
4.4.0
4.5.0
4.6.0
4.6.1
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.8.0
4.8.1
4.8.2
4.8.3
4.9.0
Other
ci-upgrade
lenient_hybrid_flow
travis-success-1475
travis-success-1478
travis-success-1497
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v3
v30
v31
v33
v39
v4
v40
v41
v43
v44
v45
v5
v50
v51
v52
v53
v54
v55
v56
v57
v58
v59
v6
v7
v8
v9
releases/4.*
releases/4.15.0
v11.*
v11.1
v11.2
v11.3
v12.*
v12.1
v12.2
v12.3
v30.*
v30.1
v52.*
v52.1
v52.2
v52.4
v52.5
v52.6
v52.7
v52.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11041.json"