CVE-2020-12283
MEDIUMSourcegraph < 3.15.1 - Open Redirect via SafeRedirectURL Validation Bypass
Title source: llmDescription
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.
References (5)
Core 5
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/sourcegraph/sourcegraph/pull/10167
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/sourcegraph/sourcegraph/compare/v3.15.0...v3.15.1
Patch, Third Party Advisory x_refsource_misc
https://github.com/sourcegraph/sourcegraph/commit/c0f48172e815c7f66471a38f0a06d1fc32a77a64
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md
Exploit, Third Party Advisory x_refsource_misc
https://securitylab.github.com/advisories/GHSL-2020-085-sourcegraph
Scores
CVSS v3
6.1
EPSS
0.0130
EPSS Percentile
66.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
sourcegraph/sourcegraph
< 3.15.1
sourcegraph/sourcegraph
0 - 3.14.4Go
Published
Apr 30, 2020
Tracked Since
Feb 18, 2026