INSA Rouen insa-auth Open Redirect Vulnerability in Secondary Authentication Bridge

Vulnerability

A minor open redirect vulnerability has been identified in the INSA Rouen authentication server, specifically in the insa-auth package, prior to May 3, 2025. This issue allowed third-party websites to access the server's secondary authentication bridge, potentially disclosing basic student information such as names and identification numbers. Despite this, the vulnerability posed minimal risk, was never exploited, and had limited impact.

Impact

Exploitation of this vulnerability could have led to unauthorized access to the server's secondary authentication bridge, allowing third-party websites to obtain basic student information, including names and identification numbers.

Remediation

The vulnerability has been patched in versions released on or after May 4, 2025.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.