Home > Vulnerability Database > CVE-2024-53264

Mend.io Vulnerability Database

CVE-2024-53264

Good to know:

Date: November 27, 2024

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated "next" parameter for redirects. Ex. visiting: "/loading?next=https://google.com"; while authenticated will cause the page will redirect to google.com. This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites. This issue has been addressed in version 1.5.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Python

Severity Score

6.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53264

Url: https://github.com/bunkerity/bunkerweb

Url: https://github.com/bunkerity/bunkerweb/security/advisories/GHSA-q9rr-h3hx-m87g

Url: https://www.mend.io/vulnerability-database/CVE-2024-53264

Severity Score

6.3

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version github.com/bunkerity/bunkerweb - v1.5.11

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53264

Good to know:

Date: November 27, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?