Bug #34956 | Login redirection vulnerability | ||
---|---|---|---|
Submitted: | 29 Feb 2008 5:21 | Modified: | 3 Mar 2008 15:51 |
Reporter: | Diego Medina | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Websites: MySQLForge | Severity: | S1 (Critical) |
Version: | forge1.mysql.com | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
Tags: | login |
[29 Feb 2008 5:21]
Diego Medina
[29 Feb 2008 5:47]
Valeriy Kravchuk
Thank you for a bug report. Verified just as described.
[3 Mar 2008 15:51]
Jay Pipes
This was a nasty one. Most fixes went into cls/peoplehandler.php:display_login() and login(). Full checks now performed for all redirects using parse_url(). The fixes were contained in r368-70. Thanks Diego for letting us know about this one!
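
An added example of the kind of parse_url()-based redirect check described in the comment above. It is not the MySQLForge code from r368-70, which this page does not show; the function name, `ALLOWED_HOST` and the sample targets are assumptions constructed for illustration.

```php
<?php
// Added example, not the MySQLForge code. ALLOWED_HOST, the function name
// and the sample targets are constructed for illustration.
const ALLOWED_HOST = 'forge.example.test';

function safe_redirect_target(string $target, string $default = '/'): string
{
    // Reject control characters, spaces and backslashes up front: browsers
    // treat "\" like "/", while parse_url() does not.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $default;
    }
    $parts = parse_url($target);
    if ($parts === false || isset($parts['user']) || isset($parts['pass'])) {
        return $default;                      // malformed, or "user@host" tricks
    }
    if (isset($parts['scheme'])
        && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $default;                      // e.g. "javascript:" or "data:"
    }
    // Any host, including protocol-relative "//host/...", must be our own.
    if (isset($parts['host']) && strcasecmp($parts['host'], ALLOWED_HOST) !== 0) {
        return $default;
    }
    // Only a rooted path with a single leading slash is accepted; "//x" in
    // the path would turn the rebuilt value into a protocol-relative URL.
    $path = $parts['path'] ?? '/';
    if ($path[0] !== '/' || strncmp($path, '//', 2) === 0) {
        return $default;
    }
    // Rebuild from the parsed parts so the result is always a local URL.
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

$samples = [
    '/projects?id=7',
    'http://forge.example.test/account',
    'http://evil.example/phish',
    '//evil.example/phish',
    'http://forge.example.test//evil.example',
    'http://forge.example.test@evil.example/',
    '/\\evil.example',
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-45s => %s\n", $s, safe_redirect_target($s));
}
```

Because the return value is rebuilt from the parsed path and query, even an accepted absolute URL is reduced to a local path before it reaches the `Location` header.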