CVE-2017-7266

medium

Description

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.

References

Advisories
More

https://github.com/Netflix/security_monkey/releases/tag/v0.8.0

https://github.com/Netflix/security_monkey/pull/482

https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466

http://www.securityfocus.com/bid/97088

Details

Source: Mitre, NVD

Published: 2017-03-26

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N