GHSA-hfj7-542q-8fvv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hfj7-542q-8fvv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-hfj7-542q-8fvv/GHSA-hfj7-542q-8fvv.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-hfj7-542q-8fvv
- Aliases
- Published
- 2025-07-17T19:40:59Z
- Modified
- 2025-07-17T20:27:17.945781Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
- Summary
- DiracX-Web is vulnerable to attack through an Open Redirect on its login page
- Details
-
Summary
An attacker can forge a request to redirect an authenticated user to any arbitrary website.
Details
On the login page, we have a
redirectfield which is the location where the server will redirect the user. This URI is not verified, and can be an arbitrary URI.Paired with a parameter pollution, we can hide our malicious URI (ex:
https://dns.com/?param1=im_hidden_if_theres_lot_of_args?param1=bbb).PoC
https://diracx-cert.app.cern.ch/auth?redirect=https://ipcim.com/en/where/?dsdsd=qsqsfsjfnsfniizaeiaapzqlalkqkaizqqijsjaopmqmxna?redirect=https://diracx-cert-app.cern.ch/auth
This POC can leak user's position.
Impact
This could be used for phishing and extracting new data (such as redirecting to a new "log in" page, and asking users to reenter credentials).
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2025-07-17T19:40:59Z", "cwe_ids": [ "CWE-601" ], "nvd_published_at": "2025-07-17T15:15:27Z" }- References
Affected packages
npm / @dirac-grid/diracx-web-components
Package
- Name
- @dirac-grid/diracx-web-components
- View open source insights on deps.dev
- Purl
- pkg:npm/%40dirac-grid/diracx-web-components