CVE-2024-25715

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25715
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25715.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-25715
Downstream
Published
2024-02-11T03:15:09Z
Modified
2025-10-14T12:00:12.126668Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.

References

Affected packages

Git / github.com/babelouest/glewlwyd

Affected ranges

Type
GIT
Repo
https://github.com/babelouest/glewlwyd
Events
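Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Note: the commit hashes for the two "Fixed" events are missing from this rendering. They are presumably the two commits cited as "source" in the vanir_signatures under "Database specific": 59239381a88c505ab38fe64fdd92f846defa5754 (src/plugin/protocol_oauth2.c) and c91c0155f2393274cc18efe77e06c6846e404c75 (src/plugin/protocol_oidc.c); confirm against the JSON data linked above. Because the introducing commit is unknown, the range starts at 0, so the version list below also contains 1.x tags even though the description names only 2.x through 2.7.6.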

Affected versions

1.*

1.0
1.0.1
1.1
1.1.1
1.1.2
1.2
1.2.1
1.2.2

v1.*

v1.2.3
v1.2.4
v1.3
v1.3.1
v1.3.2
v1.3.2-b
v1.3.2-b.2
v1.3.2-b.3
v1.3.2-b.4
v1.3.2-b.5
v1.3.2-b.6
v1.3.3
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.6
v1.4.7
v1.4.8
v1.4.9

v2.*

v2.0.0
v2.0.0-b1
v2.0.0-b2
v2.0.0-b3
v2.0.0-rc1
v2.0.0-rc2
v2.1.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "function": "check_auth_type_implicit_grant",
                "file": "src/plugin/protocol_oauth2.c"
            },
            "digest": {
                "length": 6926.0,
                "function_hash": "305326252675094698886171962393957198154"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-2a9aa912",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754"
        },
        {
            "target": {
                "function": "check_client_valid",
                "file": "src/plugin/protocol_oidc.c"
            },
            "digest": {
                "length": 3849.0,
                "function_hash": "129242278313051838333719557145196826223"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-31a991d3",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75"
        },
        {
            "target": {
                "function": "callback_oidc_authorization",
                "file": "src/plugin/protocol_oidc.c"
            },
            "digest": {
                "length": 41389.0,
                "function_hash": "58267382957991860819786695378069901592"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-46242337",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75"
        },
        {
            "target": {
                "function": "check_client_valid",
                "file": "src/plugin/protocol_oauth2.c"
            },
            "digest": {
                "length": 3158.0,
                "function_hash": "255028357585823652072478087666516120692"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-6642b6f8",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754"
        },
        {
            "target": {
                "file": "src/plugin/protocol_oidc.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "33535823004687337494263038111404177292",
                    "183043126091313464394400830988575293380",
                    "279699250717442048308498371156187617940",
                    "299213079226351127758556624712360391554",
                    "293260097309440091084689450157542956441",
                    "291034209026854424453454454181911147763",
                    "222004917322872157889601302285759810391",
                    "174853716572822638623057025217684999077",
                    "70618067548651998379070876251170189711",
                    "183739236566980831183136591413207985121",
                    "211765644604404933526632629833246285353",
                    "45271605646171001388490069455474026212",
                    "146344851152721614486905382900828415308",
                    "279699250717442048308498371156187617940",
                    "107856085349755354558667822612128268482",
                    "291573009797637484782057973330201911843",
                    "88170891324325941467591469411646397766",
                    "73297388925658176835248503529371698119",
                    "59798275973811619743386964954187037876",
                    "107856085349755354558667822612128268482",
                    "179053246700345604705176167667273181456",
                    "108217244838273045297463976812337995557",
                    "322725964703548113197675819217133515701",
                    "79181953776443612969945718005537886952",
                    "126787554072330187865506354091182455461",
                    "20261507360446283090658986851377648451",
                    "110829180357372365265592551314813884552",
                    "229584084740855041818874800120713798238",
                    "126787554072330187865506354091182455461",
                    "198824746662144348446359616246558603333",
                    "237711126858556546588735472893998069192",
                    "137527965651335332609865058737788761379",
                    "26196211270958534901073510397256479074",
                    "166576613399186589427734095037229098907",
                    "139089253827954231917552648744532116561"
                ]
            },
            "deprecated": false,
            "id": "CVE-2024-25715-772bec17",
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75"
        },
        {
            "target": {
                "function": "validate_code_challenge",
                "file": "src/plugin/protocol_oauth2.c"
            },
            "digest": {
                "length": 1323.0,
                "function_hash": "196242897050377667178710727507912673170"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-8af9cfa2",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754"
        },
        {
            "target": {
                "function": "callback_oauth2_authorization",
                "file": "src/plugin/protocol_oauth2.c"
            },
            "digest": {
                "length": 2050.0,
                "function_hash": "302496929038530433953939158092992675896"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-8ff892fa",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754"
        },
        {
            "target": {
                "function": "check_client_valid_without_secret",
                "file": "src/plugin/protocol_oidc.c"
            },
            "digest": {
                "length": 2946.0,
                "function_hash": "317863713216776707223234112406640395538"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-943a8be7",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75"
        },
        {
            "target": {
                "function": "check_auth_type_auth_code_grant",
                "file": "src/plugin/protocol_oauth2.c"
            },
            "digest": {
                "length": 7547.0,
                "function_hash": "275849248502137297618737347978493157367"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-ac5cce19",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754"
        },
        {
            "target": {
                "function": "check_client_redirect_uri_valid",
                "file": "src/plugin/protocol_oidc.c"
            },
            "digest": {
                "length": 833.0,
                "function_hash": "68006387371237360506343471235911584345"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-d67f90a2",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75"
        },
        {
            "target": {
                "file": "src/plugin/protocol_oauth2.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "268779629544137876728787490365454292915",
                    "325838970564240800955650846110478750235",
                    "171525116112324948247679096646646938090",
                    "5935804377694345188987748079812606908",
                    "159640271106897059327204578493106561988",
                    "30069892695994148085957927616111074246",
                    "80770273417985477564790470332483513627",
                    "21313906512790673297843599204377320596",
                    "82617781207474275494325291510530126993",
                    "293702082577083820625232219930070407545",
                    "96204398917980420096708776911242843163",
                    "203490485135675901020267928411487048037",
                    "174853716572822638623057025217684999077",
                    "70618067548651998379070876251170189711",
                    "183739236566980831183136591413207985121",
                    "211765644604404933526632629833246285353",
                    "45271605646171001388490069455474026212",
                    "146344851152721614486905382900828415308",
                    "279699250717442048308498371156187617940",
                    "315725968733872036834747086600424284590",
                    "198080919802997318201962354687688975530",
                    "134980844653855618911933761999844118166",
                    "219652531817252128942440670921041933755",
                    "289736173320635121935053769322095028582",
                    "215362498696660630159867587467182752379",
                    "69819371600285103731248499532589437256",
                    "225705134000893731853899925003174789189",
                    "1842092586300298197855474761581307893",
                    "184641244784853539830892107624889790844",
                    "160407715941458974660103800331906425069",
                    "270098358139689107217004484573954889236",
                    "249807219373662475621427253296276096407",
                    "78525737386590333110915937480696423291",
                    "259579097950010564578358914023900855538",
                    "43664653157003002988335431700150067548",
                    "93103311644695082010403821276624079003",
                    "190261197448325732235572242292964236904",
                    "204745223237709162367587779246246646170",
                    "79462363582103779187923615261276359502",
                    "149295064553372701528177559232416439774",
                    "85108583732707720984421559863979430513",
                    "170455506357009242808735801765100190854",
                    "33004255521802584751000836447419677645",
                    "332969491542411341037039023928437274360",
                    "105581342449073627868415644862490742136",
                    "268010815112544579566034514842356304985",
                    "319366339920455569992027145749995899022",
                    "165153198343721945044632750500612447961",
                    "295630671775721999808659517227151348559",
                    "79506043276899507194508073425030219922",
                    "65188634574262086104835304196684953276",
                    "138537110612359880275685574698393303422",
                    "323312373059665209094894854388677749100",
                    "161341828359404154726431364662124792721",
                    "152258467597968073828972226687528584316",
                    "293793612086028926621739483432239445416",
                    "130861239269982633095308189898362054571",
                    "58722880963028119908886709705897933132",
                    "319827351456105837636675215052511896579",
                    "128572037312203078204940618944374302403",
                    "242360916498412509900913717656414762970",
                    "200280027571328951564672616362923187312",
                    "62980459987923276015650165700958782300",
                    "251794657814596096210885170696035027082",
                    "142022008073221631009326921995607834270",
                    "228214037910056219669307119806581414294",
                    "191542142679624891904939327170310029374",
                    "242574623047910060267922002539984785961",
                    "3578323513688036085221116172205673756",
                    "312243327505586259441758112047089313330",
                    "259053997517723106563322721549179650817",
                    "113172477437696913136951552953052814419",
                    "249579466826042875193945039076390467888",
                    "114081486650684915866083592735143561898",
                    "148465175021828772748550631877866597490",
                    "227706758321620521815355548143684181742",
                    "266578213162460379877451619976520284681",
                    "171531366410700529352546904794471353601",
                    "50262631321878145702530587739858597202",
                    "92855406015220621336950800148537811997",
                    "131464392555177538402226608719284990124",
                    "271911606280811603816649486286129076207",
                    "249661086729085992272255938910351644545",
                    "19440569782810886563838226935815680312",
                    "20891926375324727212366514471712684167",
                    "242360916498412509900913717656414762970",
                    "200280027571328951564672616362923187312",
                    "62980459987923276015650165700958782300",
                    "251794657814596096210885170696035027082",
                    "142022008073221631009326921995607834270",
                    "217623007500641952857805631818185445238",
                    "41225033453517514209271774676093135281",
                    "315778504566265069271242101717055451905",
                    "312243327505586259441758112047089313330",
                    "259053997517723106563322721549179650817",
                    "113172477437696913136951552953052814419",
                    "249579466826042875193945039076390467888",
                    "114081486650684915866083592735143561898",
                    "148465175021828772748550631877866597490",
                    "227706758321620521815355548143684181742",
                    "266578213162460379877451619976520284681",
                    "171531366410700529352546904794471353601",
                    "50262631321878145702530587739858597202",
                    "92855406015220621336950800148537811997",
                    "131464392555177538402226608719284990124",
                    "271911606280811603816649486286129076207",
                    "86695536268874235560269757098713206317",
                    "145270085604310822758099879376509362006",
                    "163144534489549136933959534350047746291",
                    "319395115995224295614673151498817124841",
                    "337842337241362813051177683456423009121",
                    "95477240361554356686827281494338695779",
                    "61808725905173887193793616025018692040",
                    "5943704031777657098304816626141211297",
                    "166085952275325360982310521162099972281",
                    "262330429244760330484095676901143381557",
                    "198661548019559882542983799416370761693",
                    "163306790245498135098074224831550862418",
                    "251129144413764381214251180794184552634",
                    "27935657089669898623567371981001578747",
                    "297229706324968601574082814964502343601",
                    "233396979977361598221412664320916123984",
                    "270375562032944963082631396939908467046",
                    "283860109710290119557375865078995839767",
                    "230785614654686987822568383847561348567",
                    "86267611689422602571511862690164233963",
                    "217362788775769110404101995589379041613",
                    "290270572384510357627308672307058611406",
                    "338044551931167804366833101038031211441",
                    "306888764004064285867407052613531953245",
                    "37692002006753905667603633826124552789",
                    "257895629589471713722589903897659197237",
                    "114029283661562706538743944780522000923",
                    "297229706324968601574082814964502343601",
                    "233396979977361598221412664320916123984",
                    "270375562032944963082631396939908467046",
                    "283860109710290119557375865078995839767",
                    "230785614654686987822568383847561348567",
                    "86267611689422602571511862690164233963",
                    "217362788775769110404101995589379041613",
                    "109261779833926904309908563680604758996",
                    "79608604983840846418282353903835468649",
                    "23474941234358181087223979579988632425",
                    "297229706324968601574082814964502343601",
                    "233396979977361598221412664320916123984",
                    "270375562032944963082631396939908467046",
                    "283860109710290119557375865078995839767",
                    "230785614654686987822568383847561348567",
                    "86267611689422602571511862690164233963",
                    "217362788775769110404101995589379041613",
                    "128489278913648188388380891397343380368",
                    "94926095902374361687625782578313051934"
                ]
            },
            "deprecated": false,
            "id": "CVE-2024-25715-dfbbf7b5",
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754"
        },
        {
            "target": {
                "function": "validate_authorization_code",
                "file": "src/plugin/protocol_oauth2.c"
            },
            "digest": {
                "length": 5099.0,
                "function_hash": "266838540032513868227849021922834587438"
            },
            "deprecated": false,
            "id": "CVE-2024-25715-f95bdf44",
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754"
        }
    ]
}