OpenCVE

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
1e	Platform

Configuration 1 [-]

OR	cpe:2.3:a:1e:platform:8.4.1.229:::::::*
	cpe:2.3:a:1e:platform:23.7.1.80:::::::*
	cpe:2.3:a:1e:platform:23.11.1.15:::::::*
	cpe:2.3:a:1e:platform:24.7:::::::*

No data.

References

Link	Providers
https://www.1e.com/trust-security-compliance/cve-info/

History

Fri, 06 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		1e 1e platform
Weaknesses		CWE-601
CPEs		cpe:2.3:a:1e:platform:23.11.1.15:::::::* cpe:2.3:a:1e:platform:23.7.1.80:::::::* cpe:2.3:a:1e:platform:24.7:::::::* cpe:2.3:a:1e:platform:8.4.1.229:::::::*
Vendors & Products		1e 1e platform

MITRE

Status: PUBLISHED

Assigner: 1E

Published: 2024-08-01T16:49:47.597Z

Updated: 2024-08-02T12:56:59.320Z

Reserved: 2024-07-29T16:05:07.068Z

Link: CVE-2024-7211

Vulnrichment

Updated: 2024-08-01T17:33:33.282Z

NVD

Status : Analyzed

Published: 2024-08-01T17:16:09.727

Modified: 2024-09-06T13:23:07.237

Link: CVE-2024-7211

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7211", "assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b", "state": "PUBLISHED", "assignerShortName": "1E", "dateReserved": "2024-07-29T16:05:07.068Z", "datePublished": "2024-08-01T16:49:47.597Z", "dateUpdated": "2024-08-02T12:56:59.320Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "1E Platform", "vendor": "1E", "versions": [{"status": "affected", "version": "24.7"}, {"status": "affected", "version": "23.11.1.15"}, {"status": "affected", "version": "23.7.1.80"}, {"status": "affected", "version": "8.4.1.229"}]}], "datePublic": "2024-08-01T14:35:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<tt><tt>The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.<br><br>Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.<br><br></tt></tt>"}], "value": "The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\n\nNote: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en"}]}], "providerMetadata": {"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b", "shortName": "1E", "dateUpdated": "2024-08-02T12:56:59.320Z"}, "references": [{"url": "https://www.1e.com/trust-security-compliance/cve-info/"}], "source": {"advisory": "CVE-2024-39694", "discovery": "EXTERNAL"}, "title": "The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T17:33:30.440960Z", "id": "CVE-2024-7211", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T17:33:36.133Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7211", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T17:33:30.440960Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T17:33:33.282Z"}}], "cna": {"title": "The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.", "source": {"advisory": "CVE-2024-39694", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "1E", "product": "1E Platform", "versions": [{"status": "affected", "version": "24.7"}, {"status": "affected", "version": "23.11.1.15"}, {"status": "affected", "version": "23.7.1.80"}, {"status": "affected", "version": "8.4.1.229"}], "defaultStatus": "unaffected"}], "datePublic": "2024-08-01T14:35:00.000Z", "references": [{"url": "https://www.1e.com/trust-security-compliance/cve-info/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\n\nNote: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.", "supportingMedia": [{"type": "text/html", "value": "<tt><tt>The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.<br><br>Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.<br><br></tt></tt>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b", "shortName": "1E", "dateUpdated": "2024-08-02T12:56:59.320Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7211", "state": "PUBLISHED", "dateUpdated": "2024-08-02T12:56:59.320Z", "dateReserved": "2024-07-29T16:05:07.068Z", "assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b", "datePublished": "2024-08-01T16:49:47.597Z", "assignerShortName": "1E"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:1e:platform:8.4.1.229:*:*:*:*:*:*:*", "matchCriteriaId": "85744E52-16DF-43C6-AD32-9F7900998AB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:1e:platform:23.7.1.80:*:*:*:*:*:*:*", "matchCriteriaId": "B4D00FCE-9011-45B2-9BA2-0E2115948E39", "vulnerable": true}, {"criteria": "cpe:2.3:a:1e:platform:23.11.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "EA3612F8-C90E-474B-8243-0543BCAAFE7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:1e:platform:24.7:*:*:*:*:*:*:*", "matchCriteriaId": "68C25D73-241A-4143-AB09-516A54FD1C3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\n\nNote: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix."}, {"lang": "es", "value": " El servidor de identidad utilizado por 1E Platform podr\u00eda permitir la redirecci\u00f3n de URL a sitios que no son de confianza. Nota: El servidor de identidad en la plataforma 1E se actualiz\u00f3 con el parche necesario."}], "id": "CVE-2024-7211", "lastModified": "2024-09-06T13:23:07.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@1e.com", "type": "Secondary"}]}, "published": "2024-08-01T17:16:09.727", "references": [{"source": "security@1e.com", "tags": ["Vendor Advisory"], "url": "https://www.1e.com/trust-security-compliance/cve-info/"}], "sourceIdentifier": "security@1e.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}