
CVE-2021-3851: Open Redirect in firefly-iii

CVSS Score: 5.0 (CVSS 3.0)

Basic Information

EPSS Score: 0.38902%
Published: 10/21/2021
Updated: 2/1/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Package Name: grumpydictator/firefly-iii
Ecosystem: composer
Vulnerable Versions: < 5.6.2
First Patched Version: 5.6.2

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The fix commit adds host validation in two places: the invalid() method in Handler.php and rememberPreviousUri in UserNavigation.php. Before the patch, invalid() used the attacker-controllable 'redirectTo' parameter as a redirect target without checking its host, which is the primary open redirect vector. The UserNavigation.php change closes a secondary path in which a previously stored URL could carry an external host and later be used as a redirect target. Both changes follow the standard CWE-601 mitigation: redirect only to targets whose host is the application's own, and fall back to a safe default otherwise.
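As an added example (not firefly-iii's own code and not taken from the fix commit), the standalone PHP below shows the vulnerable pattern the analysis describes next to a host-validated version. The APP_URL constant, the function names and the candidate URLs are assumptions made for this example. The same check applies whether the target arrives in a request parameter such as redirectTo or is read back from a stored "previous URL": the value must be validated before it is used as a redirect target, and ideally before it is stored.

```php
<?php
declare(strict_types=1);

// Added example, not firefly-iii code. Requires PHP 8.0+ (str_starts_with).
// APP_URL is an assumed application base URL standing in for whatever the
// application is configured with.
const APP_URL = 'https://finance.example.test';

/** Vulnerable: whatever the client supplied becomes the Location target. */
function redirectTargetVulnerable(string $redirectTo, string $fallback = '/'): string
{
    return $redirectTo !== '' ? $redirectTo : $fallback;
}

/**
 * Hardened: accept the candidate only if it is a plain path on this
 * application, or an absolute URL whose scheme, host and port all match
 * APP_URL. Anything else falls back to a safe in-app default.
 */
function redirectTargetSafe(string $redirectTo, string $fallback = '/'): string
{
    $redirectTo = trim($redirectTo);
    if ($redirectTo === '') {
        return $fallback;
    }

    // Browsers treat "\" like "/" in http(s) URLs, so "/\evil.test" is
    // followed as "//evil.test" even though parse_url() sees no host.
    // Reject backslashes outright, plus control bytes that could end up
    // in the response header.
    if (preg_match('/[\\\\\x00-\x1F\x7F]/', $redirectTo)) {
        return $fallback;
    }

    $parts = parse_url($redirectTo);
    if ($parts === false) {
        return $fallback;
    }
    $app = parse_url(APP_URL);

    // Absolute or protocol-relative URL: every origin component must match.
    // "//evil.test" has a host but no scheme, "https://app@evil.test" has
    // host evil.test, "https://app.evil.test" is a different host.
    if (isset($parts['host'])) {
        $sameScheme = isset($parts['scheme']) && strcasecmp($parts['scheme'], $app['scheme']) === 0;
        $sameHost   = strcasecmp($parts['host'], $app['host']) === 0;
        $samePort   = ($parts['port'] ?? null) === ($app['port'] ?? null);
        return ($sameScheme && $sameHost && $samePort) ? $redirectTo : $fallback;
    }

    // No host: must be a single-slash path. A bare scheme without a host
    // ("javascript:alert(1)") and "//..." forms are refused.
    if (isset($parts['scheme'])
        || !isset($parts['path'])
        || !str_starts_with($parts['path'], '/')
        || str_starts_with($parts['path'], '//')) {
        return $fallback;
    }

    return $redirectTo;
}

// Constructed candidates: what a 'redirectTo' parameter might carry.
$candidates = [
    '/accounts/show/1',
    'https://finance.example.test/budgets?year=2021',
    '//evil.test/',
    'https://evil.test/',
    'https://finance.example.test@evil.test/',
    'https://finance.example.test.evil.test/',
    '/\\evil.test',
    'javascript:alert(1)',
];

foreach ($candidates as $candidate) {
    printf("%-48s vulnerable -> %-42s safe -> %s\n",
        $candidate,
        redirectTargetVulnerable($candidate),
        redirectTargetSafe($candidate));
}
```

Run with `php redirect_check.php`: the two in-app candidates are returned unchanged by both functions, while the vulnerable function also returns every external, credential-prefixed, backslash and scheme-only candidate verbatim and the hardened function maps each of those to `/`. Comparing the parsed host against the application's own host, rather than checking for a leading `/` or a string prefix, is what defeats the `//host`, `user@host` and `host.evil.test` variants; the explicit backslash rejection covers the case where the parser and the browser disagree about where the host starts.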


WAF Protection Rules

WAF Rule

firefly-iii is vulnerable to URL Redirection to Untrusted Site
