CVE-2021-42357: DOM based XSS Vulnerability in Apache Knox

Related Vulnerabilities: CVE-2021-42357
Severity: moderate

Description:

In affected releases, Knox SSO parsed the redirect target carried in a request
improperly, so a request containing a specially crafted request parameter could
send the user to a page controlled by an attacker instead of the intended
destination. The attacker cannot trigger the redirect on their own: the crafted
URL must be delivered to the victim outside the normal request flow, for
example through an XSS or phishing campaign. What makes it effective is that
the link the victim follows points at the trusted Knox host, which then
performs the redirect.
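The redirect described above belongs to a well-known class: the server decides whether a target URL is acceptable using a parse that does not match how the browser will interpret the same string. The advisory does not name the parameter or the exact parsing mistake, so the following is an added illustration, not Apache Knox code and not the specific fault behind this CVE. It puts a naive substring check beside a strict parse-and-allow-list check and runs both over a set of constructed redirect targets. The allow-list host sso.example.com, the sample URLs and the function names are assumptions made for the example.

```python
"""Redirect-target validation: a flawed check beside a strict one.

Added example (not Apache Knox code). The allow-list host, the sample URLs
and the naive check are constructed for illustration only.
"""
from urllib.parse import urlsplit

# Assumed allow-list of hosts a post-login redirect may point at (hypothetical).
ALLOWED_REDIRECT_HOSTS = {"sso.example.com"}


def naive_is_safe_redirect(url: str) -> bool:
    """The kind of check that produces an open redirect: a substring match
    on the trusted host name, with no understanding of URL structure."""
    return "sso.example.com" in url


def strict_is_safe_redirect(url: str, allowed_hosts=ALLOWED_REDIRECT_HOSTS) -> bool:
    """Parse the URL and compare the authority's host against an allow-list.

    Rejects anything urlsplit cannot parse, non-http(s) and scheme-relative
    URLs, userinfo (the trusted@evil trick) and characters that browsers
    normalise differently from server-side parsers (backslash, whitespace,
    control characters), which would otherwise let the two sides disagree
    about which host the redirect lands on.
    """
    if any(ch == "\\" or ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal in the authority
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # lower-cased by urlsplit; None when there is no authority
    if not host:
        return False
    return host in allowed_hosts


# Constructed redirect targets of the kind an attacker might place in the
# request parameter. Only the first one is legitimate.
SAMPLE_TARGETS = [
    "https://sso.example.com/gateway/default/",     # legitimate target
    "https://sso.example.com@evil.example/",        # trusted name as userinfo
    "https://sso.example.com.evil.example/",        # trusted name as a subdomain of evil
    "//sso.example.com.evil.example/",              # scheme-relative URL
    "https://evil.example/?next=sso.example.com",   # trusted name only in the query
    "https://evil.example\\@sso.example.com/",      # browsers end the host at "\"; urlsplit does not
    "javascript:alert('sso.example.com')",          # non-http scheme
    "https:///sso.example.com",                     # empty authority; host is really a path
]


def evaluate(targets=SAMPLE_TARGETS):
    """Return {url: (naive_verdict, strict_verdict)} for each target."""
    return {u: (naive_is_safe_redirect(u), strict_is_safe_redirect(u)) for u in targets}


if __name__ == "__main__":
    for url, (naive, strict) in evaluate().items():
        print(f"naive={naive!s:<5} strict={strict!s:<5} {url}")
```

The backslash case is the one worth remembering: Python's urlsplit keeps "evil.example\" as userinfo and reports sso.example.com as the host, while a browser following the WHATWG URL rules treats the backslash as a path separator and connects to evil.example. Any validator that does not reject such characters outright, or does not parse exactly as the consumer of the redirect will, can be talked into approving a hostile target.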

Mitigation:

1.x users should upgrade to 1.6.1.
The unsupported 0.x releases that include this issue are 0.13.0 and 0.14.0;
these should upgrade to 1.6.1 as well.
1.0.0 and 1.1.0 are also unsupported but affected and should upgrade to 1.6.1.

Credit:

Apache Knox would like to thank Kajetan Rostojek for this report.