Vulnerability Description: Redirection to Untrusted Site ('Open Redirect') – CWE-601
Software Version: ≤v031
NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-45169
CVSv3: 5.4
Severity: Medium
Credits: Luca Borzacchiello, Andrea Carlo Maria Dattola, Massimiliano Ferraresi, Massimiliano Brolli
The web application allows an authenticated user to send an arbitrary push notification (including clickable links) to another arbitrary user of the application.
Step-by-step instructions and PoC
An authenticated user can send an arbitrary push notification to any other user of the system. The push notification can include an (invisible) clickable link.
The vulnerability can be exploited sending a POST request (including the authentication cookie) to the following vulnerable endpoint:
· https://vdeskbridge.[HOSTNAME]/api/v1/notification/createnotification
Payload used to exploit the vulnerability:
Figure 1 – Details of payload
Figure 2 – Details of request and response
Security Impact
Malicious users send arbitrary push notifications to other users, starting phishing attacks or exploiting other XSS vulnerabilities.