Tested URL : https://pentest-2023.beta.nuxeocloud.com/nuxeo/login.jsp (Login - Nuxeo Platform)
Severity : medium
Criticality Justification
The login page accepts an arbitrary destination in the requestedUrl parameter and redirects to it after a successful login. An attacker can abuse the trust users place in the client's domain: a link that genuinely points at the client's login page ends on an attacker-controlled site, which is well suited to phishing (for example a fake "session expired, log in again" page) or to delivering malware. The redirect only fires after authentication, so the victim has just typed their credentials into the real site and is unlikely to be suspicious of the next page.
Steps To Reproduce
- Open the following URL in a browser:
  https://pentest-2023.beta.nuxeocloud.com/nuxeo/login.jsp?requestedUrl=//www.google.com
- Log in as a valid user.
- Observe that after login the browser is redirected to the external site (www.google.com here, standing in for an attacker-controlled site). Screenshot: https://api.us.cobalt.io/v1/attachments/att_cXW6Ozl/preview
- Note that the payload is a protocol-relative URL: //www.google.com begins with a slash, so it passes a naive "must start with /" check, yet the browser resolves it against the current scheme to https://www.google.com. Variants such as ///www.google.com and /\www.google.com behave the same way in browsers and should be included when retesting.
Suggested Fix
- Prefer server-side redirects to fixed destinations. If a user-supplied destination is genuinely needed, validate the decoded requestedUrl value before using it: accept only a rooted, same-origin path under the application root (reject absolute URLs, any value starting with //, backslashes, whitespace and control characters, and paths that normalise outside the application root), or replace the free-form URL with an identifier that is looked up in a predefined list of allowed locations. Fall back to a safe default page whenever validation fails. If external redirects are a business requirement, show the user an interstitial warning that they are leaving the site and give them the opportunity to cancel.
- Review the risk appetite and business requirements for continuing to use redirects whose destination can be manipulated from the client side.
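The validation described in the first bullet, as an added example that is not part of the original finding and not Nuxeo's own code. It is written in Python for clarity; the equivalent check belongs wherever the application reads requestedUrl (in Nuxeo's case, the login handling behind login.jsp). APP_ROOT, DEFAULT_LANDING and the probe values at the bottom are assumptions made for the example.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit
import posixpath

# Assumed values for this example: the application's root path and the page
# to fall back to when requestedUrl is absent or rejected.
APP_ROOT = "/nuxeo"
DEFAULT_LANDING = "/nuxeo/"


def safe_redirect_target(requested_url: Optional[str], default: str = DEFAULT_LANDING) -> str:
    """Return a post-login redirect target that is guaranteed to stay on this origin.

    `requested_url` is the already URL-decoded value of the requestedUrl
    parameter (the servlet container decodes %2F etc. before the application
    sees it). Anything that is not a plain, rooted path under APP_ROOT falls
    back to `default`, so the caller never has to reason about the raw input.
    """
    if not requested_url:
        return default

    # Control characters, whitespace and backslashes are rejected outright:
    # browsers treat "\" as "/" and strip leading/trailing whitespace, both of
    # which can turn an apparently relative value into an absolute one.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in requested_url):
        return default

    # A protocol-relative value ("//host", "///host", ...) is resolved by the
    # browser as https://host even though it starts with "/". urlsplit only
    # reports a netloc for exactly two leading slashes, so check the raw
    # string as well.
    if requested_url.startswith("//"):
        return default

    parts = urlsplit(requested_url)
    if parts.scheme or parts.netloc:
        # Absolute URL (https://..., javascript:..., data:...) or a host part.
        return default

    if not parts.path.startswith("/"):
        # Relative paths ("foo", "../x") resolve against the current page;
        # insist on a rooted path so the result is unambiguous.
        return default

    # Collapse "." and ".." so "/nuxeo/../admin" cannot escape APP_ROOT.
    path = posixpath.normpath(parts.path)
    if path != APP_ROOT and not path.startswith(APP_ROOT + "/"):
        return default

    # Keep the path and query; drop any fragment (it is client-side only).
    return urlunsplit(("", "", path, parts.query, ""))


if __name__ == "__main__":
    # Constructed probe values covering the bypasses discussed in the finding.
    for probe in [
        "//www.google.com",        # the reported payload
        "///www.google.com",       # extra slashes, still protocol-relative to a browser
        "/\\www.google.com",       # backslash, treated as "/" by browsers
        "https://www.google.com",  # absolute URL
        "javascript:alert(1)",     # non-http scheme
        "/nuxeo/../admin",         # dot-segment escape from the app root
        "/nuxeo/site/docs?x=1",    # legitimate same-origin target
        None,                      # parameter absent
    ]:
        print(repr(probe), "->", safe_redirect_target(probe))
```

The function is deliberately "reject by default": every branch that is not a positive match for a rooted path under the application root returns the landing page, so a new bypass shape (a future browser quirk, a different encoding) fails closed rather than open. When retesting, run the probe list above against the fixed endpoint and confirm that each of the first six ends on the landing page and that the legitimate target still works.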