Miggo Logo
Miggo Vulnerability Database
CVE-2024-28239

CVE-2024-28239:
URL Redirection to Untrusted Site in OAuth2/OpenID in directus

5.4

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-28239
GHSA ID
GHSA-fr3w-2p22-6w7p
EPSS Score
0.45762%
CWE
CWE-601
Published
3/12/2024
Updated
3/13/2024
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
directusnpm< 10.10.010.10.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from authentication route handlers that accepted unvalidated 'redirect' parameters. All three drivers (OAuth2, OpenID, SAML) contained similar patterns where the redirect parameter from the request query was directly used without proper allow-list validation. The commit diff shows these functions were modified to add isLoginRedirectAllowed checks, confirming they were previously vulnerable. The attack vector specifically targets these authentication entry points where redirects are processed after successful logins.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Summ*ry T** *ut**nti**tion *PI **s * `r**ir**t` p*r*m*t*r t**t **n ** *xploit** *s *n op*n r**ir**t vuln*r**ility *s t** us*r tri*s to lo* in vi* t** *PI URL *ttps://*o*s.*ir**tus.io/r***r*n**/*ut**nti**tion.*tml#lo*in-usin*-sso-provi**rs /*ut*/l

Reasoning

T** vuln*r**ility st*ms *rom *ut**nti**tion rout* **n*l*rs t**t ****pt** unv*li**t** 'r**ir**t' p*r*m*t*rs. *ll t*r** *riv*rs (O*ut**, Op*nI*, S*ML) *ont*in** simil*r p*tt*rns w**r* t** r**ir**t p*r*m*t*r *rom t** r*qu*st qu*ry w*s *ir**tly us** wit*