
CVE-2021-42357: Cross-site Scripting in Apache Knox SSO

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: 0.94445%
Published: 1/21/2022
Updated: 2/3/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: org.apache.knox:gateway-service-knoxsso
Ecosystem: maven
Vulnerable Versions: < 1.6.1
First Patched Version: 1.6.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper URL parsing in the SSO redirect logic. Analysis focused on: 1) entry points that process request parameters (such as the WebSSOResource handlers); 2) URL construction utilities used in redirect flows. Exact patch details are unavailable, but the described vulnerability pattern strongly suggests that these functions handled untrusted redirect targets without adequate validation in versions before 1.6.1. Confidence is medium because this conclusion is inferred from the vulnerability description rather than from direct patch analysis.


WAF Protection Rules

WAF Rule

When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page contr
