[ELEMENTS-1741] Own Code Static Scan : Open Redirect - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: Core

Epic Link:
[May 2024] Veracode Scan Result Issues
Tags:
- nxui
- nxui-triaged
Sprint:
UI - 2024-5, UI COOLDOWN - 2024-5, UI - 2024-6
Story Points:
2

Description

MEDIUM - 1 Findings
CWE 601 URL Redirection to Untrusted Site ('Open Redirect')

Flaw Category: Insufficient Input Validation

Description: A web application accepts a untrusted input that specifies a link to an external site, and uses that link to generate a redirect. This enables phishing attacks.

Remediation: Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. Check the supplied URL against a whitelist of approved URLs or domains before redirecting.

Attached screenshot for the code details in Nuxeo Elements

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Screenshot from 2024-05-10 12-12-31.png
268 kB
2024-05-10 06:42

Activity

People

Assignee:

Alok Ranjan

Reporter:

Madhur Kulshrestha

Participants:

Alok Ranjan, Madhur Kulshrestha

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2024-05-08 07:04

Updated:

2024-06-14 04:59

Resolved:

2024-06-14 04:58