Vulnerability Details CVE-2021-42357
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.159
EPSS Ranking 94.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-42357
-
cpe:2.3:a:apache:knox:0.10.0
-
cpe:2.3:a:apache:knox:0.11.0
-
cpe:2.3:a:apache:knox:0.2.0
-
cpe:2.3:a:apache:knox:0.3.0
-
cpe:2.3:a:apache:knox:0.4.0
-
cpe:2.3:a:apache:knox:0.5.0
-
cpe:2.3:a:apache:knox:0.6.0
-
cpe:2.3:a:apache:knox:0.7.0
-
cpe:2.3:a:apache:knox:0.8.0
-
cpe:2.3:a:apache:knox:0.9.0