CloudPanel Community Edition Open Redirect Vulnerability in HTTP Header Referer Handling

Vulnerability

An open redirect vulnerability has been identified in CloudPanel Community Edition versions through 2.5.1. The issue arises in the '/admin/users' endpoint, where the application uses the Referer HTTP header as a redirect target without validating that it points back at the CloudPanel host. This flaw allows an attacker to manipulate the header to redirect users to an arbitrary external site, potentially leading to phishing attacks. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for open redirect, which can be used in phishing attacks by redirecting users to malicious websites while disguising the link as legitimate. Because browsers populate the Referer header from the page a link was followed from (subject to that page's Referrer-Policy), an attacker who hosts a page linking to '/admin/users' on the target can have victims bounced from the trusted CloudPanel host straight back to the attacker's site.

Reproduction

To reproduce this vulnerability, send a GET request to the '/admin/users' endpoint with a Referer header set to an attacker-controlled external URL. A vulnerable server responds with a 302 whose Location header echoes the value of the Referer header, confirming the open redirect. A fixed server either ignores the external Referer or redirects only to a path on its own host.
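The following is an added example, not the public proof-of-concept or CloudPanel's own code. It shows both sides of the check described above: a probe that decides whether a response to the Referer-bearing request is an open redirect (the Location host matches the attacker-supplied Referer host rather than the CloudPanel host), and the kind of validation the endpoint should apply before using the Referer as a redirect target. The hostname cloudpanel.example, the Referer URL attacker.example and the sample responses are constructed for the example; probe_live() is a convenience for running the same check against a real instance and is not exercised here.

```python
import http.client
import urllib.parse

# Constructed values for the example; substitute the real host when probing.
TARGET_HOST = "cloudpanel.example"
PROBE_PATH = "/admin/users"
PROBE_REFERER = "https://attacker.example/landing"

# Constructed sample responses: what a vulnerable and a fixed server might return.
SAMPLE_VULNERABLE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://attacker.example/landing\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_FIXED = "HTTP/1.1 302 Found\r\nLocation: /admin\r\nContent-Length: 0\r\n\r\n"

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_response(raw):
    """Parse a raw HTTP/1.1 response head into (status, headers); header names lowercased."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def is_open_redirect(status, headers, referer, target_host):
    """True if the response redirects to the host named in the attacker-controlled Referer."""
    if status not in REDIRECT_CODES:
        return False
    lowered = {k.lower(): v for k, v in headers.items()}
    location = lowered.get("location")
    if not location:
        return False
    # .hostname handles userinfo, ports and protocol-relative "//host/" forms.
    loc_host = urllib.parse.urlsplit(location).hostname
    ref_host = urllib.parse.urlsplit(referer).hostname
    return loc_host is not None and loc_host != target_host.lower() and loc_host == ref_host


def probe_live(host, referer=PROBE_REFERER, use_tls=True, timeout=10):
    """Send the Referer-bearing GET to a real instance and report whether it is vulnerable."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH, headers={"Referer": referer})
        resp = conn.getresponse()
        return is_open_redirect(resp.status, dict(resp.getheaders()), referer, host)
    finally:
        conn.close()


def safe_redirect_target(referer, target_host, fallback="/admin"):
    """Server-side fix: use the Referer only if it points at our own host, and then only its path."""
    if not referer:
        return fallback
    parts = urllib.parse.urlsplit(referer)
    if parts.scheme not in ("http", "https"):  # rejects "//evil", "javascript:", etc.
        return fallback
    if parts.hostname != target_host.lower():  # rejects other hosts, including "us@evil"
        return fallback
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return fallback
    # Re-emit a host-relative URL so the response never carries an attacker-chosen host.
    return urllib.parse.urlunsplit(("", "", path, parts.query, ""))


if __name__ == "__main__":
    for label, raw in (("vulnerable", SAMPLE_VULNERABLE), ("fixed", SAMPLE_FIXED)):
        status, headers = parse_response(raw)
        print(label, "open redirect:", is_open_redirect(status, headers, PROBE_REFERER, TARGET_HOST))
    print("hardened target for attacker Referer:", safe_redirect_target(PROBE_REFERER, TARGET_HOST))
```

The probe treats a redirect as the finding only when the Location host equals the host from the Referer it sent, so a server that redirects to its own login page (a common non-vulnerable response for unauthenticated requests to /admin/users) is not misreported. The hardened helper compares hostnames rather than string prefixes, which is what defeats the usual bypasses (https://cloudpanel.example.attacker.example, https://cloudpanel.example@attacker.example, //attacker.example).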

Remediation

Users are advised to upgrade to CloudPanel Community Edition version 2.5.2, which addresses this vulnerability.

Added: Dec 30, 2025, 9:17 AM
Updated: Dec 30, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 7.7
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.