Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05aGc1LTdod2MtdjQzNM4AAjIZ

Athenz vulnerable to Open Redirect

Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

Permalink: https://github.com/advisories/GHSA-9hg5-7hwc-v434
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05aGc1LTdod2MtdjQzNM4AAjIZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-9hg5-7hwc-v434, CVE-2019-6035
References: Repository: https://github.com/yahoo/athenz
Blast Radius: 1.0

Affected Packages

maven:com.yahoo.athenz:athenz
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 1.8.25
Fixed in: 1.8.25
All affected versions:
All unaffected versions: 1.10.4, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 1.10.16, 1.10.17, 1.10.18, 1.10.19, 1.10.20, 1.10.21, 1.10.22, 1.10.23, 1.10.24, 1.10.25, 1.10.26, 1.10.27, 1.10.28, 1.10.29, 1.10.30, 1.10.31, 1.10.32, 1.10.33, 1.10.34, 1.10.35, 1.10.36, 1.10.37, 1.10.38, 1.10.39, 1.10.40, 1.10.41, 1.10.42, 1.10.43, 1.10.44, 1.10.45, 1.10.46, 1.10.47, 1.10.48, 1.10.49, 1.10.50, 1.10.51, 1.10.52, 1.10.53, 1.10.54, 1.10.55, 1.10.56, 1.10.58, 1.10.60, 1.10.61, 1.10.62, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24, 1.11.25, 1.11.26, 1.11.27, 1.11.28, 1.11.29, 1.11.30, 1.11.31, 1.11.32, 1.11.33, 1.11.34, 1.11.35, 1.11.36, 1.11.37, 1.11.38, 1.11.39, 1.11.40, 1.11.41, 1.11.42, 1.11.43, 1.11.44, 1.11.45, 1.11.46, 1.11.47, 1.11.48, 1.11.49, 1.11.50, 1.11.51, 1.11.52, 1.11.53, 1.11.54, 1.11.55, 1.11.56, 1.11.57, 1.11.58, 1.11.59