CVE-2024-34074
CVSS V2 None
CVSS V3 None
Description
Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.
Overview
- CVE ID
- CVE-2024-34074
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-09T14:25:25.979Z
- Last Modified Date
- 2024-06-04T17:41:36.130Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894 | x_refsource_CONFIRM |
| https://github.com/frappe/frappe/pull/26304 | x_refsource_MISC |
| https://github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-34074 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34074 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 14:31:13 | Added to TrackCVE |