5.1

CVSS Score

4.0

Basic Information

CVE ID

CVE-2024-53264

GHSA ID

GHSA-q9rr-h3hx-m87g

EPSS Score

0.11802%

CWE

CWE-601

Published

12/2/2024

Updated

12/2/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-53264

CVE-2024-53264: BunkerWeb has Open Redirect Vulnerability in Loading Page

Summary:

A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter.

Details:

The loading endpoint accepts and uses an unvalidated "next" parameter for redirects:

PoC:

Visit: /loading?next=https://google.com while authenticated. The page will redirect to google.com.

Impact:

This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites.

(GitHub Advisory)

5.1

CVSS Score

4.0

Basic Information

CVE ID

CVE-2024-53264

GHSA ID

GHSA-q9rr-h3hx-m87g

EPSS Score

0.11802%

CWE

CWE-601

Published

12/2/2024

Updated

12/2/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/bunkerity/bunkerweb	go	< 1.5.11	1.5.11

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unvalidated use of the 'next' parameter in a redirect. In Go web applications, route handlers typically process request parameters directly. The description explicitly states the loading endpoint uses an unvalidated 'next' parameter, which matches the pattern of a handler function extracting a query parameter and passing it to a redirect function without sanitization. While exact code isn't available, the combination of the vulnerability description, CWE-601 classification, and Go ecosystem patterns strongly suggests the handler function for the /loading route is the vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Summ*ry: * op*n r**ir**t vuln*r**ility *xists in t** lo**in* *n*point, *llowin* *tt**k*rs to r**ir**t *ut**nti**t** us*rs to *r*itr*ry *xt*rn*l URLs vi* t** "n*xt" p*r*m*t*r. ### **t*ils: T** lo**in* *n*point ****pts *n* us*s *n unv*li**t** "n*x

Reasoning

T** vuln*r**ility st*ms *rom unv*li**t** us* o* t** 'n*xt' p*r*m*t*r in * r**ir**t. In *o w** *ppli**tions, rout* **n*l*rs typi**lly `pro**ss` r*qu*st p*r*m*t*rs *ir**tly. T** **s*ription *xpli*itly st*t*s t** lo**in* *n*point us*s *n unv*li**t** 'n*

5.1

Basic Information

Concerned about an active attack path?

CVE-2024-53264: BunkerWeb has Open Redirect Vulnerability in Loading Page

Summary:

Details:

PoC:

Impact:

5.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI