NocoDB Unvalidated Redirect Vulnerability in Login Flow

An open redirect vulnerability has been identified in NocoDB versions prior to 0.265.1. This issue arises from the login process not properly validating the 'continueAfterSignIn' parameter, allowing attackers to redirect users to arbitrary external sites after authentication. While the vulnerability does not directly compromise credentials or authentication, it facilitates phishing attacks by exploiting user trust in the NocoDB login process.

Impact

The vulnerability increases the risk of phishing attacks, allowing attackers to steal credentials by manipulating the login flow. It undermines the integrity of the authentication process, although it does not enable arbitrary code execution or privilege escalation.

Reproduction

To reproduce this vulnerability, an attacker can create a login URL that includes a malicious redirect target in the 'continueAfterSignIn' parameter. When a user clicks this link and logs in, they will be redirected to the specified external site, where they may be prompted to enter credentials, unknowingly falling victim to a phishing attempt.

Remediation

Users can upgrade to NocoDB version 0.301.0 or later to address this vulnerability.