Spring Cloud Base Open Redirect Vulnerability in HTTP Header Handler
Vulnerability
An open redirect vulnerability has been identified in the Spring Cloud Base repository, specifically in the auth-center subproject. The issue arises in the sendBack function of MvcController.java, where the value of the Referer request header is used to redirect users to external, potentially malicious, sites. This vulnerability affects the master branch of the project and can be exploited remotely without any authentication.
Impact
Exploitation of this vulnerability allows for open redirect, where users can be sent to attacker-controlled websites, potentially leading to phishing or social engineering attacks.
Reproduction
To reproduce this vulnerability, first set up the application by starting a MySQL database and a Redis instance. After configuring the application to use these services, launch the project. Once the application is running, the vulnerability can be exploited by sending a request to the '/auth/backReferer' endpoint with a crafted Referer header. The server will respond with a 302 redirect to the URL specified in the Referer header, demonstrating the open redirect behavior.
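One way to close this class of bug is to validate the Referer value before it is ever used as a redirect target. The following is an added example, not code from the Spring Cloud Base project; the class name, the allowed host list and the fallback path are assumptions, and it needs Java 11 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example: decides whether a Referer value may be used as a redirect target.
public class RefererRedirectGuard {
    // Assumption: hosts this deployment may redirect back to (constructed values).
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("app.example.test", "sso.example.test");
    // Assumption: a local page that is always safe to land on.
    private static final String FALLBACK = "/";

    static String safeRedirectTarget(String referer) {
        if (referer == null || referer.isBlank()) return FALLBACK;
        // Control characters and backslashes are parsed differently by browsers and java.net.URI.
        if (referer.chars().anyMatch(c -> c < 0x20 || c == 0x7f || c == '\\')) return FALLBACK;
        URI uri;
        try {
            uri = new URI(referer);
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // Relative, scheme-relative and opaque URIs have no scheme or no host: refuse them.
        if (scheme == null || host == null) return FALLBACK;
        if (!scheme.equalsIgnoreCase("https") && !scheme.equalsIgnoreCase("http")) return FALLBACK;
        // A userinfo part ("trusted-name@other-host") can disguise the real host.
        if (uri.getRawUserInfo() != null) return FALLBACK;
        // Exact host match only; suffix or substring checks are easy to bypass.
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) return FALLBACK;
        return uri.toString();
    }

    public static void main(String[] args) {
        // Constructed sample Referer values, not taken from the advisory.
        String[] samples = {
            "https://app.example.test/orders?id=7",
            "https://other.example.test/login",
            "https://app.example.test@other.example.test/",
            null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirectTarget(s));
        }
    }
}
```

In a handler such as the one behind '/auth/backReferer', the value returned by this check, rather than the raw header, would be what the 302 response points to.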
