Freshworks Open Redirect Vulnerability in Logout API
Vulnerability
An open redirect vulnerability has been identified in Freshworks applications in versions prior to 1.2.3. The issue resides in the logout API endpoint, specifically in the handling of the 'post_logout_redirect_uri' parameter. This vulnerability allows for manipulation of the redirect URI, enabling an attacker to redirect users to an external, potentially malicious, site after they log out. The vulnerability can be exploited remotely, without authentication, but requires some user interaction.
Impact
Exploitation of this vulnerability leads to an open redirect, allowing attackers to redirect users to malicious sites, which could be used for phishing or other deceptive purposes.
Reproduction
To reproduce this vulnerability, send a GET request to the logout API endpoint '/api/v2/logout' with a crafted 'post_logout_redirect_uri' parameter that points to an external site controlled by the attacker. The application will log out the user and redirect them to the specified URL.
Remediation
Users are advised to upgrade to Freshworks version 1.2.3 or later.
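The fix the advisory implies is to validate 'post_logout_redirect_uri' before issuing the redirect, accepting only same-site relative paths or an exact allowlisted origin and otherwise falling back to a fixed default. The following is an added illustration, not Freshworks code; the function name, the allowlist, the default path and the sample URIs are all constructed for this example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist of exact origins (scheme + host + optional port) that may
# receive a post-logout redirect. These values are placeholders, not from the advisory.
ALLOWED_ORIGINS = {"https://app.example.com", "https://app.example.com:8443"}
DEFAULT_AFTER_LOGOUT = "/login"  # safe fallback when the parameter is rejected


def safe_post_logout_redirect(uri: Optional[str]) -> str:
    """Return a redirect target that is either a same-site relative path or an
    allowlisted https origin; anything else yields DEFAULT_AFTER_LOGOUT."""
    if not uri:
        return DEFAULT_AFTER_LOGOUT
    # Reject control characters and backslashes: browsers normalise "\" to "/",
    # so a value like "/\host" would be treated as a scheme-relative URL.
    if "\\" in uri or any(ord(c) < 0x20 or ord(c) == 0x7F for c in uri):
        return DEFAULT_AFTER_LOGOUT
    parts = urlsplit(uri)
    if not parts.scheme and not parts.netloc:
        # Relative path: require exactly one leading "/" so "//host" and "///host"
        # (which urlsplit may parse with an empty netloc) are not accepted.
        if uri.startswith("/") and not uri.startswith("//"):
            return uri
        return DEFAULT_AFTER_LOGOUT
    # Absolute URL: https only, no userinfo ("allowed.host@evil" tricks),
    # and the origin must match the allowlist exactly (no substring matching).
    if parts.scheme != "https" or parts.username is not None or parts.password is not None:
        return DEFAULT_AFTER_LOGOUT
    origin = f"https://{parts.netloc.lower()}"
    if origin in ALLOWED_ORIGINS:
        return uri
    return DEFAULT_AFTER_LOGOUT
```

The same check belongs anywhere the application accepts a caller-supplied redirect target, since the logout handler is only the instance this advisory reports.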
