Comment 19 for bug 1865026
Revision history for this message
| Gage Hugo (gagehugo) wrote Re: Open redirect in workflow forms | #19 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
First impact draft below, please review and suggest changes where needed.
@Radomir Dopieralski is there any organization/
------------
Title: Open redirect possible in Horizon workflow forms
Reporter: Radomir Dopieralski ()
Products: Horizon
Affects: <18.6.0, <18.3.2, <=16.2.0, <=15.3.1
Description:
Radomir Dopieralski () reported a vulnerability in Horizon's workflow forms. Previously there was a lack of validation on the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.