GHSA-564j-v29w-rqr6 – khoj-assistant

Package

Manager: pip
Name: khoj-assistant
Vulnerable Version: >=0 <1.14.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N

EPSS: N/A pctlN/A

Details

Khoj Open Redirect Vulnerability in Login Page ### Summary An attacker can use the `next` parameter on the login page to redirect a victim to a malicious page, while masking this using a legit-looking `app.khoj.dev` url. For example, `https://app.khoj.dev/login?next=//example.com` will redirect to the https://example.com page. ### Details The problem seems to be in this method: https://github.com/khoj-ai/khoj/blob/2667ef45449eb408ce1d7c393be04845be31e15f/src/khoj/routers/auth.py#L95 ### PoC Open the `https://app.khoj.dev/login?next=//example.com` url in a Gecko-based browser (Firefox). ### Impact The impact is low, and this could only be used in phishing attempts, but it's still a problem nonetheless.

Metadata

Created: 2024-07-08T14:57:43Z
Modified: 2024-07-08T14:57:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-564j-v29w-rqr6/GHSA-564j-v29w-rqr6.json
CWE IDs: ["CWE-601"]
Alternative ID: N/A
Finding: F156
Auto approve: 1