CVE-2018-11119

Published: May 17, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.

Affected (7)

Products: Ilias: Ilias

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ilias Ilias	From 5.1.0 to 5.1.26
Ilias Ilias	From 5.2.0 to 5.2.15
Ilias Ilias	From 5.3.0 to 5.3.4

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Ilias Ilias	Version 5.1.0 beta1
Ilias Ilias	Version 5.2.0 beta1
Ilias Ilias	Version 5.2.0 beta2
Ilias Ilias	Version 5.2.0 beta3

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (4)

https://github.com/ILIAS-eLearning/ILIAS/commit/01a24cf04fe8dddf1da59ca497580637973482b6

Source: cve@mitre.org

PatchThird Party Advisory

https://www.ilias.de/docu/goto.php?target=st_229

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/ILIAS-eLearning/ILIAS/commit/01a24cf04fe8dddf1da59ca497580637973482b6

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.ilias.de/docu/goto.php?target=st_229

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.