Details
- Sub-task
- Status: Resolved
- Major
- Resolution: Fixed
- None
- None
- Security Level: Default (Default Security Scheme)
- None
- Horizon 2020 - March 18th, Horizon 2020 - April 1st
Description
[RIPS] found 3 Open Redirect issues in the following files of OpenNMS 25.1.2:
AcknowledgeAlarmController
https://github.com/OpenNMS/opennms/blob/master/opennms-webapp/src/main/java/org/opennms/web/controller/alarm/AcknowledgeAlarmController.java
AcknowledgeNotificationController
https://github.com/OpenNMS/opennms/blob/master/opennms-webapp/src/main/java/org/opennms/web/controller/notification/AcknowledgeNotificationController.java
AcknowledgeAlarmByFilterController
https://github.com/OpenNMS/opennms/blob/master/opennms-webapp/src/main/java/org/opennms/web/controller/alarm/AcknowledgeAlarmByFilterController.java
The first issue can be exploited via the GET parameter `redirect` by accessing the following URL:
`http://192.168.56.102:8980/opennms/alarm/acknowledge?redirect=http://google.com&actionCode=unack&alarm=1`
The second issue can be exploited via the GET parameter `redirect` by accessing the following URL:
`192.168.56.102:8980/opennms/notification/acknowledge?redirect=http://google.com&notices=1`
The third issue can be exploited via the GET parameter `redirect` by accessing the following URL:
`http://192.168.56.102:8980/opennms/alarm/acknowledgeByFilter?redirect=http://google.com&actionCode=unack`
For more information about fixing an OpenRedirect see:
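
Added example, not part of the original report and not the OpenNMS fix: one way to validate a `redirect` parameter before it is used, accepting only relative references that stay inside the web application. The class name `RedirectValidator`, the method `safeRedirect`, the fallback page and the sample inputs other than `http://google.com` are hypothetical, and the check assumes legitimate redirect targets are always pages of the same application.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Hypothetical helper for illustration; not OpenNMS code. */
public class RedirectValidator {

    // Assumed fallback page; a real controller would choose its own default.
    static final String FALLBACK = "alarm/list.htm";

    /** Returns the target if it is a safe relative reference, else FALLBACK. */
    static String safeRedirect(String redirect) {
        if (redirect == null || redirect.isEmpty() || redirect.startsWith("//")) {
            return FALLBACK; // "//host" and "///host" resolve to another host in browsers
        }
        for (int i = 0; i < redirect.length(); i++) {
            char c = redirect.charAt(i);
            // Control characters (CR, LF, TAB) are stripped by browsers, and a
            // backslash is treated like "/", so either can hide a foreign host.
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return FALLBACK;
            }
        }
        try {
            URI uri = new URI(redirect);
            // isAbsolute() is true when a scheme is present (http:, https:, ...);
            // a non-null authority means a host was supplied.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return FALLBACK;
            }
        } catch (URISyntaxException e) {
            return FALLBACK; // unparseable input is never redirected to
        }
        return redirect;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first is the value used in the report.
        String[] samples = {
            "http://google.com",
            "//google.com",
            "alarm/detail.htm?id=1",
            "alarm/list.htm"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirect(s));
        }
    }
}
```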