1695979 – (CVE-2019-3778) CVE-2019-3778 spring-security-oauth2: Open redirect via the "redirect_uri" parameter

Bug 1695979 (CVE-2019-3778) - CVE-2019-3778 spring-security-oauth2: Open redirect via the "redirect_uri" parameter

Summary: CVE-2019-3778 spring-security-oauth2: Open redirect via the "redirect_uri" pa...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-3778
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1695980
TreeView+	depends on / blocked

Reported:	2019-04-04 01:08 UTC by Pedro Sampaio
Modified:	2019-09-29 15:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-09-16 18:45:33 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2019-04-04 01:08:22 UTC

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.

References:

https://pivotal.io/security/cve-2019-3778

Comment 1 Product Security DevOps Team 2019-09-16 18:45:33 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-3778

Note You need to log in before you can comment on or make changes to this bug.