CVE-2021-42357
Published: Jan 17, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through an XSS or phishing campaign.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Knox | affected: Apache Knox 1.x - < 1.6.1; affected: 0.12.0 - < Apache Knox 0.x* |
Weaknesses (CWE)
References
https://lists.apache.org/thread/b7v5dkpyqb51nw0lvz4cybhgrfhk1g7j
x_refsource_MISC
[oss-security] 20220117 CVE-2021-42357: DOM based XSS Vulnerability in Apache Knox
mailing-list
x_refsource_MLIST