CVE-2017-18262

Published: Apr 30, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.

Affected (6)

Products: Blackboard: Blackboard Learn

1 product

Blackboard Learn

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Blackboard Blackboard Learn	Up to 9.1
Blackboard Blackboard Learn	Version 9.1 q2_2016
Blackboard Blackboard Learn	Version 9.1 q2_2017
Blackboard Blackboard Learn	Version 9.1 q4_2015
Blackboard Blackboard Learn	Version 9.1 q4_2016
Blackboard Blackboard Learn	Version 9.1 q4_2017

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (6)

http://seclists.org/fulldisclosure/2018/Apr/57

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securitytracker.com/id/1040767

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://ethan.pm/blackboard.txt

Source: cve@mitre.org

Third Party Advisory

http://seclists.org/fulldisclosure/2018/Apr/57

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securitytracker.com/id/1040767

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ethan.pm/blackboard.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.