CVE-2023-32551: Bug #1929620 “Open redirection vulnerability” : Bugs : Landscape Server
Landscape allowed URLs which caused open redirection.
Bug #1929620 reported by Anton on 2021-05-25
This bug affects 1 person
Affects: Landscape Server
Status: Fix Released
Importance: High
Assigned to: Simon Poirier
Milestone: Landscape Server 19.10.5
Bug Description
Open redirect is possible using request path /redirect?next_url=/\example.com.
This can be used to perform phishing campaigns in order to obtain Landscape credentials, which can further be used for RCE on multiple endpoints registered in the victim’s Landscape account.
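A server-side check for the next_url parameter that rejects the /\example.com form reported above, as an added example (not Landscape's code and not the released fix). The function names, the fallback path and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

FALLBACK = "/"  # assumed landing page when next_url is rejected


def is_safe_next_url(next_url):
    """Return True only for a same-site, path-only redirect target."""
    if not isinstance(next_url, str) or not next_url:
        return False
    # Browsers drop tab/CR/LF inside URLs, so "/\t/example.com" would be
    # read as "//example.com". Reject whitespace and control characters.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_url):
        return False
    # Browsers treat "\" like "/" in http(s) URLs, so "/\example.com" is
    # handled as the protocol-relative URL "//example.com".
    normalized = next_url.replace("\\", "/")
    if not normalized.startswith("/") or normalized.startswith("//"):
        return False
    try:
        parts = urlsplit(normalized)
    except ValueError:
        return False
    # A local target has neither a scheme nor a host component.
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(next_url):
    """Return next_url when it is local, otherwise the fallback path."""
    return next_url if is_safe_next_url(next_url) else FALLBACK


if __name__ == "__main__":
    # Constructed sample inputs; the first is the form from the bug report.
    samples = [
        "/\\example.com",
        "//example.com",
        "\\/example.com",
        "https://example.com/",
        "/\t/example.com",
        "/account/dashboard?tab=1",
    ]
    for value in samples:
        print(repr(value), "->", safe_redirect_target(value))
```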