Multiple Open Redirect in nitely/spirit
Feb 21st 2022
In the /user/login endpoint, it doesn't check the value of the next parameter when the user is logged in and passes it directly to redirect, which results in an open redirect. The bug also exists in /user/logout, /user/register, /user/login, /user/resend-activation.
Proof of Concept
1. Go to http://127.0.0.1:8000/user/login/?next=https://evil.com
This bug results in an open redirect.
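As an added example (not Spirit's code and not the fix in the linked PR), the kind of host-and-scheme validation a login view must apply to `next` before redirecting; it reimplements Django's `url_has_allowed_host_and_scheme()` checks with the standard library only so it runs without Django, and the allow-list hosts are assumed values.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list for this example; a deployment uses its own hosts.
ALLOWED_HOSTS = {"127.0.0.1:8000", "forum.example"}
DEFAULT_NEXT = "/"


def _is_allowed(url, allowed_hosts, require_https):
    if url.startswith("///"):  # browsers read this as a network-path URL
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if not parts.netloc and parts.scheme:  # javascript:, data:, ...
        return False
    if unicodedata.category(url[0])[0] == "C":  # leading control character
        return False
    scheme = parts.scheme or ("http" if parts.netloc else "")
    valid_schemes = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    return host_ok and (not scheme or scheme in valid_schemes)


def url_is_local(url, allowed_hosts=ALLOWED_HOSTS, require_https=False):
    """True only if url is a relative path or stays on an allowed host.

    The URL is checked twice, once as given and once with backslashes turned
    into slashes, because browsers treat "/\\evil.com" as "//evil.com".
    """
    url = (url or "").strip()
    if not url:
        return False
    return _is_allowed(url, allowed_hosts, require_https) and _is_allowed(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


def resolve_next(next_param, default=DEFAULT_NEXT):
    """Post-login redirect target: the validated ?next= value, else default."""
    return next_param if url_is_local(next_param) else default


if __name__ == "__main__":
    for candidate in ["https://evil.com", "//evil.com", "/\\evil.com",
                      "/topic/1/", "http://127.0.0.1:8000/topic/1/"]:
        print(f"{candidate!r:35} -> {resolve_next(candidate)!r}")
```

With this check in place the report's `?next=https://evil.com` falls back to the default page instead of leaving the site.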
I fixed this (https://github.com/nitely/Spirit/pull/308), thanks for reporting
Awesome, thanks. Hi @admin, could I request a CVE for this bug?
Once the fix has been confirmed, and if the maintainer is happy for one to be assigned, we will go ahead and publish a CVE.
@maintainer - could you please confirm the fix and let us know if you are happy to assign a CVE for this report?
Hi -- done. You can assign a CVE if you want. Thanks again!
Assigned and published! 🎉