Casdoor Open Redirect Vulnerability in OAuth Authorization Request Handler

Vulnerability

An open redirect vulnerability has been identified in Casdoor version 2.356.0, specifically within the OAuth Authorization Request Handler component. This issue arises from improper validation of the redirect_uri parameter, allowing attackers to manipulate the argument and redirect users to malicious sites. The vulnerability can be exploited remotely, without any authentication, although it requires some user interaction.
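As an added illustration of the validation the advisory says is missing (example code written here, not Casdoor's own implementation), the following Go authorization-endpoint check accepts a redirect_uri only when it exactly equals one of the client's registered URIs, as RFC 6749 requires; the registered URIs and the function name are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Redirect URIs registered for one sample client (constructed data).
var registeredRedirectURIs = []string{
	"https://app.example.org/callback",
	"https://app.example.org/oauth/done",
}

// ResolveRedirectURI is an illustrative authorization-endpoint check, not
// Casdoor's code. Per RFC 6749 sections 3.1.2.2 and 3.1.2.3 a supplied
// redirect_uri must be an absolute URI without a fragment and must equal a
// registered URI by simple string comparison. Prefix, substring or host-only
// matching is the kind of check that lets https://evil.com/ through.
func ResolveRedirectURI(supplied string, registered []string) (string, error) {
	if supplied == "" {
		// Omitting the parameter is allowed only when exactly one URI is registered.
		if len(registered) == 1 {
			return registered[0], nil
		}
		return "", errors.New("redirect_uri is required for this client")
	}
	u, err := url.Parse(supplied)
	if err != nil || !u.IsAbs() || u.Host == "" {
		return "", errors.New("redirect_uri must be an absolute URI")
	}
	if u.Fragment != "" {
		return "", errors.New("redirect_uri must not contain a fragment")
	}
	for _, r := range registered {
		if supplied == r { // exact match; never HasPrefix or Contains
			return r, nil
		}
	}
	// Do not redirect to the unvalidated value; that would itself be an open redirect.
	return "", errors.New("redirect_uri does not match a registered URI")
}
func main() {
	for _, c := range []string{"https://app.example.org/callback", "https://evil.com/",
		"https://app.example.org.evil.com/callback", "http://app.example.org/callback"} {
		target, err := ResolveRedirectURI(c, registeredRedirectURIs)
		fmt.Printf("%-45s -> %q %v\n", c, target, err)
	}
}
```

Exact comparison also rejects scheme downgrades, look-alike hosts and path variations without a special case for each, and the mismatch is reported to the user rather than by redirecting to the supplied value.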

Impact

Exploitation of this vulnerability allows for open redirect, which can be used to conduct phishing attacks by redirecting users to malicious websites.

Reproduction

To reproduce this vulnerability, send an OAuth authorization request with a redirect_uri parameter that points to an external site, such as https://evil.com/. The request will bypass validation and redirect the OAuth code or token to the specified external site.

Remediation

No known mitigation is available.

Added: Apr 3, 2026, 12:18 PM
Updated: Apr 3, 2026, 12:18 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.2
exploitability: 7.7
remediation: 0.0
relevance: 5.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.