Multiple Open Redirect in nitely/spirit

Valid

Reported on

Feb 21st 2022


Description

The /user/login endpoint does not validate the value of the next parameter when the user is already logged in; it passes the value directly to the redirect, which results in an open redirect. The same bug exists in /user/logout, /user/register, /user/login, and /user/resend-activation.

Proof of Concept

1. Go to http://127.0.0.1:8000/user/login/?next=https://evil.com

Impact

This bug results in an open redirect: a victim who follows a crafted link to the forum is sent on to an arbitrary external site.
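The defensive pattern the fix needs, as an added example that is not Spirit's own code or the change in its pull request: a `next` validator that mirrors the checks of Django's `url_has_allowed_host_and_scheme` (empty values, control characters, backslashes, scheme-relative `//host`, bare `https:host`, non-http schemes and foreign hosts are all rejected), with a hardened `resolve_next` that falls back to a local path. The host set and fallback path are assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed for this example: the forum's own hosts and a safe fallback.
ALLOWED_HOSTS = {"127.0.0.1:8000", "forum.example"}
FALLBACK = "/"


def is_safe_redirect(url, allowed_hosts):
    """True only if `url` is a plain path or stays on one of allowed_hosts."""
    if not url:
        return False
    url = url.strip()
    # Control characters and backslashes let a host slip past a naive parser
    # (browsers treat '\' as '/'), so reject them outright.
    if any(ord(ch) < 0x20 for ch in url) or "\\" in url:
        return False
    # '//evil.com' is scheme-relative: the browser fills in https and leaves.
    if url.startswith("//"):
        return False
    parts = urlsplit(url)
    # 'https:evil.com' parses with a scheme but no netloc; browsers still
    # resolve it to a host, so treat it as unsafe.
    if parts.scheme and not parts.netloc:
        return False
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    # No scheme and no host: a relative path on the current site.
    if not parts.netloc:
        return True
    return parts.netloc in allowed_hosts


def resolve_next(next_param, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Hardened replacement for passing `next` straight to redirect()."""
    if is_safe_redirect(next_param, allowed_hosts):
        return next_param.strip()
    return fallback


if __name__ == "__main__":
    for candidate in ("/topic/1/", "https://evil.com", "//evil.com", "https:evil.com"):
        print(f"{candidate!r:24} -> {resolve_next(candidate)!r}")
```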

We are processing your report and will contact the nitely/spirit team within 24 hours. 3 months ago
noobexploiterhuntrdev modified the report
3 months ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md 3 months ago
We have contacted a member of the nitely/spirit team and are waiting to hear back 3 months ago
nitely validated this vulnerability 3 months ago
noobexploiterhuntrdev has been awarded the disclosure bounty
The fix bounty is now up for grabs
nitely
3 months ago

Maintainer


I fixed this (https://github.com/nitely/Spirit/pull/308), thanks for reporting

noobexploiterhuntrdev
3 months ago

Researcher


Awesome, thanks. Hi @admin, could I request a CVE for this bug?

Jamie Slome
3 months ago

Admin


Once the fix has been confirmed, and if the maintainer is happy for one to be assigned, we will go ahead and publish a CVE.

@maintainer - could you please confirm fix and let us know if you are happy to assign a CVE for this report?

We have sent a fix follow up to the nitely/spirit team. We will try again in 7 days. 3 months ago
We have sent a second fix follow up to the nitely/spirit team. We will try again in 10 days. 3 months ago
nitely confirmed that a fix has been merged on 8f32f8 3 months ago
The fix bounty has been dropped
views.py#L76 has been validated
views.py#L65 has been validated
views.py#L138 has been validated
views.py#L96 has been validated
nitely
3 months ago

Maintainer


Hi -- done. You can assign a CVE if you want. Thanks again!

noobexploiterhuntrdev
3 months ago

Researcher


Hi @admin

Jamie Slome
3 months ago

Admin


Assigned and published! 🎉

CVE-2022-0869

noobexploiterhuntrdev
3 months ago

Researcher


Thanks
