Multiple Open Redirect in nitely/spirit

commented 3 months ago

Maintainer

I fixed this (https://github.com/nitely/Spirit/pull/308), thanks for reporting

commented 3 months ago

Researcher

Awesome, Thanks, Hi @admin , could i request a cve for this bug?

commented 3 months ago

Admin

Once the fix has been confirmed, and if the maintainer is happy for one to be assigned, we will go ahead and publish a CVE.

@maintainer - could you please confirm fix and let us know if you are happy to assign a CVE for this report?

We have sent a fix follow up to the nitely/spirit team. We will try again in 7 days. 3 months ago

We have sent a second fix follow up to the nitely/spirit team. We will try again in 10 days. 3 months ago

nitely confirmed that a fix has been merged on 8f32f8 3 months ago

The fix bounty has been dropped

views.py#L76 has been validated

views.py#L65 has been validated

views.py#L138 has been validated

views.py#L96 has been validated

commented 3 months ago

Maintainer

Hi -- done. You can assign a CVE if you want. Thanks again!

commented 3 months ago

Researcher

hi @admin

commented 3 months ago

Admin

Assigned and published! 🎉

CVE-2022-0869

commented 3 months ago

Researcher

Thanks

to join this conversation

We are processing your report and will contact the nitely/spirit team within 24 hours. 3 months ago

noobexploiterhuntrdev modified the report

3 months ago

We created a GitHub Issue asking the maintainers to create a SECURITY.md 3 months ago

We have contacted a member of the nitely/spirit team and are waiting to hear back 3 months ago

nitely validated this vulnerability 3 months ago

noobexploiterhuntrdev has been awarded the disclosure bounty

The fix bounty is now up for grabs

commented 3 months ago

Maintainer

I fixed this (https://github.com/nitely/Spirit/pull/308), thanks for reporting

commented 3 months ago

Researcher

Awesome, Thanks, Hi @admin , could i request a cve for this bug?

commented 3 months ago

Admin

Once the fix has been confirmed, and if the maintainer is happy for one to be assigned, we will go ahead and publish a CVE.

@maintainer - could you please confirm fix and let us know if you are happy to assign a CVE for this report?

We have sent a fix follow up to the nitely/spirit team. We will try again in 7 days. 3 months ago

We have sent a second fix follow up to the nitely/spirit team. We will try again in 10 days. 3 months ago

nitely confirmed that a fix has been merged on 8f32f8 3 months ago

The fix bounty has been dropped

views.py#L76 has been validated

views.py#L65 has been validated

views.py#L138 has been validated

views.py#L96 has been validated

commented 3 months ago

Maintainer

Hi -- done. You can assign a CVE if you want. Thanks again!

commented 3 months ago

Researcher

hi @admin

commented 3 months ago

Admin

Assigned and published! 🎉

CVE-2022-0869