Comment 22 for bug 1865026
Revision history for this message
| Gage Hugo (gagehugo) wrote Re: Open redirect in workflow forms | #22 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Updated, please review:
Title: Open redirect possible in Horizon workflow forms
Reporter: Pritam Singh (Red Hat)
Products: Horizon
Affects: >=18.4.0 <18.6.0, >=17.0.0 <18.3.2, <=16.2.0, <=15.3.1
Description:
Pritam Singh (Red Hat) reported a vulnerability in Horizon's workflow forms. Previously there was a lack of validation on the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.