Vulnerability Details CVE-2017-7266
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- http://www.securityfocus.com/bid/97088
- https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
- https://github.com/Netflix/security_monkey/pull/482
- https://github.com/Netflix/security_monkey/releases/tag/v0.8.0
- http://www.securityfocus.com/bid/97088
- https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
- https://github.com/Netflix/security_monkey/pull/482
- https://github.com/Netflix/security_monkey/releases/tag/v0.8.0
Products affected by CVE-2017-7266
-
cpe:2.3:a:netflix:security_monkey:0.3.4
-
cpe:2.3:a:netflix:security_monkey:0.3.5
-
cpe:2.3:a:netflix:security_monkey:0.3.8
-
cpe:2.3:a:netflix:security_monkey:0.3.9
-
cpe:2.3:a:netflix:security_monkey:0.4.0
-
cpe:2.3:a:netflix:security_monkey:0.4.1
-
cpe:2.3:a:netflix:security_monkey:0.5.0
-
cpe:2.3:a:netflix:security_monkey:0.6.0
-
cpe:2.3:a:netflix:security_monkey:0.7.0