AFFiNE Open Redirect Vulnerability in Redirect Proxy Endpoint
Vulnerability
An open redirect vulnerability has been identified in AFFiNE versions prior to 0.26.0, specifically at the '/redirect-proxy' endpoint. The issue arises from the domain validation logic, where a poorly anchored regular expression allows attackers to bypass the whitelist by using malicious domains that end with a trusted string. This vulnerability could be exploited to conduct phishing attacks by redirecting users to fake login pages that mimic the AFFiNE interface.
Impact
Exploiting this vulnerability turns the '/redirect-proxy' endpoint into an open redirect, enabling phishing attacks that send users to malicious sites impersonating AFFiNE.
Reproduction
To reproduce this vulnerability, send a request to the '/redirect-proxy' endpoint with a 'redirect_uri' parameter that points to a domain registered by the attacker. The domain should be crafted to match the regular expression used for validation, such as one that ends with a trusted domain like 't.me'. The application will incorrectly validate the domain and redirect the user to the malicious site.
Remediation
Users are advised to update to AFFiNE version 0.26.0 or later, where this vulnerability has been patched.
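The anchoring flaw described above, next to a stricter hostname check, as an added example for regression testing (this is not AFFiNE's code or the actual patch). The regular expression, function names, sample URLs and the https-only rule are constructed assumptions; only the trusted domain 't.me' comes from this advisory.

```javascript
// Added example: hypothetical allowlist checks, not AFFiNE's source code.
const TRUSTED_HOSTS = ['t.me']; // trusted domain named in the advisory

// Weak pattern (constructed): '$' anchors the end of the hostname, but
// nothing anchors the start, so any host that merely ends in "t.me" matches.
const WEAK_PATTERN = /t\.me$/;

function weakIsAllowed(redirectUri) {
  try {
    return WEAK_PATTERN.test(new URL(redirectUri).hostname);
  } catch {
    return false; // unparsable input
  }
}

// Hardened check: parse once, require https (assumption), then compare the
// hostname exactly, or on a label boundary (leading dot) if subdomains are
// explicitly allowed.
function strictIsAllowed(redirectUri, allowSubdomains = false) {
  let url;
  try {
    url = new URL(redirectUri);
  } catch {
    return false; // unparsable or relative input is rejected
  }
  if (url.protocol !== 'https:') return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, ''); // drop root dot
  return TRUSTED_HOSTS.some(
    (trusted) =>
      host === trusted || (allowSubdomains && host.endsWith('.' + trusted))
  );
}

// Constructed sample inputs.
const SAMPLES = [
  'https://t.me/affine',        // the trusted host itself
  'https://not-t.me/login',     // different domain that ends with "t.me"
  'https://t.me.example/login', // trusted string used as a leading label
];

// Returns one row per sample so both checks can be compared side by side.
function compare() {
  return SAMPLES.map((uri) => ({
    uri,
    weak: weakIsAllowed(uri),
    strict: strictIsAllowed(uri),
  }));
}
```

Calling `compare()` shows the weak pattern accepting the second sample while the strict check accepts only the first.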
