A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Zscaler
Published: 2023-06-22T19:06:24.943Z
Updated: 2023-06-22T19:06:24.943Z
Reserved: 2023-03-23T18:29:15.802Z
Link: CVE-2023-28799
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-22T20:15:09.283
Modified: 2023-06-30T17:15:59.797
Link: CVE-2023-28799
JSON object: View
Redhat Information
No data.