
CVE-2016-1000001: flask-oidc Open Redirect vulnerability

CVSS 3.0 Score: 7.4

Basic Information

EPSS Score: 0.39635%
Published: 5/17/2022
Updated: 9/20/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
flask-oidc   | pip       | < 1.0.0             | 1.0.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from two functions: (1) redirect_to_auth_server stored the user-provided destination in the OAuth state without signing or validating it, and (2) oidc_callback used that untrusted destination as the redirect target. The fix introduced cryptographic signing of the destination (destination_serializer) in redirect_to_auth_server and verification in oidc_callback, confirming these as the vulnerable points. The pre-patch code's 'TODO' comment and its direct redirect() call on the raw destination parameter show the absence of validation.
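As an added illustration of the two code paths the analysis describes (this is not flask-oidc's own code), the Python below contrasts an OAuth state that carries the destination unsigned with one that signs the destination and verifies it in the callback; it assumes a stdlib HMAC in place of the project's destination_serializer, a constructed secret key, and an app that only ever redirects to local paths.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlsplit

SECRET_KEY = b"constructed-demo-secret"  # constructed; a real app uses its own secret


# --- Vulnerable pattern: destination stored verbatim, redirected to verbatim ---
def build_state_unsigned(destination: str) -> str:
    # Nothing ties the destination to this server, so anyone can craft a state.
    return json.dumps({"destination": destination})


def callback_unsigned(state: str) -> str:
    # Open redirect: whatever the state says is where the user is sent.
    return json.loads(state)["destination"]


# --- Hardened pattern: sign on the way out, verify and bound on the way back ---
def is_local_path(destination: str) -> bool:
    # Accept only an absolute path on this origin; "//host", "\\host" and any
    # scheme (including javascript:) are rejected.
    parts = urlsplit(destination)
    return (parts.scheme == "" and parts.netloc == "" and "\\" not in destination
            and destination.startswith("/") and not destination.startswith("//"))


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def build_state_signed(destination: str) -> str:
    if not is_local_path(destination):
        raise ValueError("destination must be a local path")
    payload = destination.encode()
    token = base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)
    return json.dumps({"destination": token})


def callback_signed(state: str, fallback: str = "/") -> str:
    # Any malformed, unsigned or tampered state falls back to a safe local page.
    try:
        encoded, sig = json.loads(state)["destination"].rsplit(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except (ValueError, KeyError, TypeError, AttributeError):
        return fallback
    if not hmac.compare_digest(_sign(payload), sig):
        return fallback
    destination = payload.decode()
    return destination if is_local_path(destination) else fallback
```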

WAF Protection Rules

WAF Rule: flask-oidc version *.*.* and earlier is vulnerable to an open redirect.
