QwikSec

Security Database

CVE

CWE

Training

CVE-2024-53995

Published: Jan 8, 2025

Modified: Feb 12, 2025

PUBLISHED

Description

SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.

Vendor	Product	Versions
SickChill	sickchill	affected `<= 2024.3.1`

Weaknesses (CWE)

References

https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill/

x_refsource_CONFIRM

https://github.com/SickChill/sickchill/pull/8811

x_refsource_MISC

https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82

x_refsource_MISC

https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.