CVE-2024-8646

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8646
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/eclipse-ee4j/glassfish/pull/24655 Patch
https://gitlab.eclipse.org/security/cve-assignement/-/issues/34 Vendor Advisory
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163 Broken Link
https://glassfish.org/download Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*
History

18 Sep 2024, 20:20

Type Values Removed Values Added
Summary
  • (es) En las versiones de Eclipse Glassfish anteriores a la 7.0.10, existía una vulnerabilidad de redirección de URL a sitios no confiables. Esta vulnerabilidad es causada por la vulnerabilidad (CVE-2023-41080) en el código Apache incluido en GlassFish. Esta vulnerabilidad solo afecta a las aplicaciones que se implementan explícitamente en el contexto raíz ('/').
References () https://github.com/eclipse-ee4j/glassfish/pull/24655 - () https://github.com/eclipse-ee4j/glassfish/pull/24655 - Patch
References () https://gitlab.eclipse.org/security/cve-assignement/-/issues/34 - () https://gitlab.eclipse.org/security/cve-assignement/-/issues/34 - Vendor Advisory
References () https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163 - () https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163 - Broken Link
References () https://glassfish.org/download - () https://glassfish.org/download - Product
First Time Eclipse
Eclipse glassfish
CPE cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*

11 Sep 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-11 14:15

Updated : 2024-09-18 20:20

NVD link : CVE-2024-8646

Mitre link : CVE-2024-8646

CVE.ORG link : CVE-2024-8646

JSON object : View

Products Affected

eclipse

  • glassfish
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')