URL Redirection to Untrusted Site ('Open Redirect')

CVE-2021-35037

Medium

6.1/10

Summary

Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-601 - Open Redirect

An open redirect attack employs a URL parameter, HTML refresh tags, or a DOM based location change to exploit the trust of a vulnerable domain to direct the users to a malicious website. The attack could lead to higher severity vulnerabilities such as unauthorized access control, account takeover, XSS, and more.

References

Advisory Timeline

Published Jul 12, 2021

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2021-35037

Summary

CWE-601 - Open Redirect

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS