
GHSA-x6v2-xmrq-574j: Drupal Anonymous Open Redirect

CVSS Score: 5.8 (CVSS v3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/15/2024
Updated: 5/15/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Package Name    Ecosystem   Vulnerable Versions   First Patched Version
drupal/drupal   composer    >= 8.0.0, < 8.5.8     8.5.8
drupal/drupal   composer    >= 8.6.0, < 8.6.2     8.6.2

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper validation of the 'destination' query parameter used in redirects. The primary failure point is RedirectResponseSubscriber::checkRedirectUrl, which validates redirect targets but, in the affected versions, lacked adequate checks for external URLs. UrlHelper::isExternal is included with medium confidence: it is central to URL validation, but the exact bypass mechanism is not explicitly documented in the available resources. CommonController::destinationRedirect is part of the redirect flow but ultimately relies on these lower-level validation mechanisms.

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this paramet

Reasoning

The vulnerability stems from improper validation of the 'destination' parameter in redirects. The primary failure point is in `RedirectResponseSubscriber::checkRedirectUrl`, which handles redirect validation but lacked proper checks for external URLs
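The root cause analysis and the WAF rule both turn on the same question: is the user-supplied "destination" value a site-local path, or does it resolve to another origin? The PHP below is an added example written for this page; it is not Drupal's code and does not reproduce UrlHelper::isExternal or RedirectResponseSubscriber::checkRedirectUrl. It places a deliberately weak prefix check (hypothetical, not the actual Drupal defect) next to a hardened validator, and runs both over constructed sample values. The helper names destination_is_external, safe_destination and naive_destination_is_local are assumptions introduced here.

```php
<?php
declare(strict_types=1);

/**
 * Weak check, shown only as the kind of prefix test that an open redirect
 * slips past. Hypothetical; not Drupal's actual implementation.
 */
function naive_destination_is_local(string $destination): bool
{
    // Only rejects values that literally begin with "http"; "//evil.example"
    // and backslash variants pass straight through.
    return strpos($destination, 'http') !== 0;
}

/**
 * Returns true when $url would leave the current site if used as a redirect
 * target. Reimplementation of the idea behind Drupal's UrlHelper::isExternal
 * for illustration; not the library's code.
 */
function destination_is_external(string $url): bool
{
    // Any scheme prefix ("https:", "javascript:", "data:") is an absolute URL.
    if (preg_match('/^[a-z][a-z0-9+.\-]*:/i', $url) === 1) {
        return true;
    }
    // Scheme-relative "//host" and its backslash variants ("/\host", "\\host"):
    // browsers normalise backslashes to slashes, so a check that looks only
    // for "//" is bypassed.
    if (preg_match('#^[/\\\\]{2}#', $url) === 1) {
        return true;
    }
    // If parse_url() still finds a host, the target is another origin.
    $parts = parse_url($url);
    return is_array($parts) && isset($parts['host']);
}

/**
 * Sanitises a user-supplied "destination" parameter: returns a site-local
 * absolute path, or $fallback when the value is external or malformed.
 */
function safe_destination(?string $destination, string $fallback = '/'): string
{
    if ($destination === null || $destination === '') {
        return $fallback;
    }
    // Control characters and whitespace never belong in a local path and are
    // a common way to smuggle an absolute URL past prefix checks.
    if (preg_match('/[\x00-\x20\x7f]/', $destination) === 1) {
        return $fallback;
    }
    if (destination_is_external($destination)) {
        return $fallback;
    }
    // Require an absolute local path so a relative value cannot be resolved
    // against an attacker-influenced base URL.
    if ($destination[0] !== '/') {
        return $fallback;
    }
    return $destination;
}

// Constructed sample values for this example; none come from a real request.
$samples = [
    '/user/1/edit',            // legitimate local path
    'node/5',                  // relative path, rejected
    '//evil.example/login',    // scheme-relative, passes the naive check
    '/\\evil.example',         // backslash variant, passes the naive check
    'https://evil.example/',   // absolute URL
    'javascript:alert(1)',     // non-HTTP scheme
    "/user\r\nX: y",           // control characters
];

foreach ($samples as $value) {
    printf(
        "%-26s naive=%-5s hardened=%s\n",
        var_export($value, true),
        naive_destination_is_local($value) ? 'local' : 'ext',
        safe_destination($value)
    );
}
```

The same destination_is_external predicate can be applied at the edge, for example in a WAF or reverse proxy rule that logs or blocks requests whose destination parameter resolves to another origin, which is what the WAF rule above describes; the application-side validator remains the actual fix, since the edge check sees only one encoding layer.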