FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gogs -- open redirect vulnerability

Affected packages
gogs < 0.11.53_1

Details

VuXML ID e53a908d-a645-11e8-8acd-10c37b4ac2ea
Discovery 2018-08-06
Entry 2018-08-22

bluecatli (Tencent's Xuanwu Lab) reports:

The function isValidRedirect in gogs/routes/user/auth.go is used in login action to validate if url is on the same site.

If the Location header startswith /\, it will be transformed to // by browsers.

References

URL https://github.com/gogs/gogs/commit/1f247cf8139cb483276cd8dd06385a800ce9d4b2
URL https://github.com/gogs/gogs/issues/5364
URL https://github.com/gogs/gogs/pull/5365