CVE-2024-21641

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Jan 5, 2024
Updated: Jan 18, 2024
CWE ID 601

Summary

CVE-2024-21641 is an open redirect (CWE-601) in Flarum, an open-source discussion platform. Before flarum/core version 1.8.5, the `/logout` route accepted a redirect parameter and honoured it without checking that the destination belonged to the forum, so any third party could build a logout link on the trusted Flarum domain that sends the visitor to an arbitrary external site. For logged-in users the logout confirmation page is shown first, so the redirect only happens after they confirm; guests are redirected immediately with no interaction at all. That makes the link useful to spammers and phishers: a URL that visibly points at the trusted forum lands the victim on an attacker-chosen page. The issue is fixed in flarum/core 1.8.5. Where upgrading is not immediately possible, a workaround is to use a safe extension that modifies the logout route so that the redirect target is validated.
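The following is an added illustration of the bug class and of the check that closes it; it is not Flarum's code (Flarum is written in PHP) and does not reproduce the 1.8.5 patch. It assumes a forum base URL of `https://forum.example.com/` and a query parameter carrying the post-logout destination, both chosen here for the example. The hardened version resolves the parameter against the trusted base and only accepts a result whose scheme and host match, which also rejects protocol-relative (`//evil`), backslash (`/\evil`) and lookalike-host (`forum.example.com.evil`) variants.

```python
from typing import Optional, Tuple
from urllib.parse import urljoin, urlsplit

# Assumed forum base URL for this example (not from the advisory).
TRUSTED_BASE = "https://forum.example.com/"


def logout_redirect_vulnerable(return_param: Optional[str],
                               base: str = TRUSTED_BASE) -> str:
    """Pre-1.8.5 behaviour as described in the advisory: the redirect
    parameter is trusted as-is, so any absolute URL is accepted."""
    return return_param if return_param else base


def logout_redirect_safe(return_param: Optional[str],
                         base: str = TRUSTED_BASE) -> str:
    """Only redirect to a URL on the forum's own scheme and host;
    otherwise fall back to the forum base URL."""
    if not return_param or not return_param.strip():
        return base
    # Browsers treat backslashes in the authority part like slashes,
    # so "/\evil.example" would otherwise slip past a leading-slash check.
    candidate = return_param.strip().replace("\\", "/")
    # Resolve relative paths ("/t/12") against the trusted base; absolute
    # URLs (including "//host" and "javascript:") come back unchanged.
    resolved = urljoin(base, candidate)
    expected = urlsplit(base)
    got = urlsplit(resolved)
    # Compare the whole netloc so userinfo tricks ("trusted@evil") and
    # unexpected ports are rejected too; host comparison is case-insensitive.
    if got.scheme != expected.scheme or got.netloc.lower() != expected.netloc.lower():
        return base
    return resolved


def handle_logout(user_logged_in: bool,
                  return_param: Optional[str]) -> Tuple[str, str]:
    """Models the two paths the advisory describes: logged-in users get a
    confirmation step first, guests are redirected immediately."""
    target = logout_redirect_safe(return_param)
    if user_logged_in:
        return ("confirm", target)
    return ("redirect", target)


if __name__ == "__main__":
    # Constructed attacker link: looks like the trusted forum, lands elsewhere.
    attacker = "https://evil.example/phish"
    print("vulnerable:", logout_redirect_vulnerable(attacker))
    print("hardened:  ", logout_redirect_safe(attacker))
    print("guest path:", handle_logout(False, attacker))
    print("in-site:   ", logout_redirect_safe("/t/12-hello"))
```

The vulnerable function returns the attacker URL unchanged, which is exactly what a guest following a crafted `/logout` link would have been sent to; the hardened function returns the forum base instead while still allowing in-site paths and absolute URLs on the forum's own host.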

