CVE-2019-6035 – com.yahoo.athenz:athenz

Package

Manager: maven
Name: com.yahoo.athenz:athenz
Vulnerable Version: >=0 <1.8.25

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00522 pctl0.65944

Details

Athenz vulnerable to Open Redirect Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

Metadata

Created: 2022-05-24T17:05:08Z
Modified: 2022-11-04T22:32:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hg5-7hwc-v434/GHSA-9hg5-7hwc-v434.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-9hg5-7hwc-v434
Finding: F156
Auto approve: 1