Details
-
Type:
Sub-task
-
Status: Resolved (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 26.0.0
-
Component/s: None
-
Security Level: Default (Default Security Scheme)
-
Labels:None
-
Sprint:Horizon 2020 - March 18th, Horizon 2020 - April 1st
Description
[RIPS] found 3 Open Redirect issues in the following files of OpenNMS 25.1.2:
AcknowledgeAlarmController
https://github.com/OpenNMS/opennms/blob/master/opennms-webapp/src/main/java/org/opennms/web/controller/alarm/AcknowledgeAlarmController.java
AcknowledgeNotificationController
https://github.com/OpenNMS/opennms/blob/master/opennms-webapp/src/main/java/org/opennms/web/controller/notification/AcknowledgeNotificationController.java
AcknowledgeAlarmByFilterController
https://github.com/OpenNMS/opennms/blob/master/opennms-webapp/src/main/java/org/opennms/web/controller/alarm/AcknowledgeAlarmByFilterController.java
The first issue can be exploited via the GET parameter `redirect` by accessing the following URL:
`http://192.168.56.102:8980/opennms/alarm/acknowledge?redirect=http://google.com&actionCode=unack&alarm=1`
The second issue can be exploited via the GET parameter `redirect` by accessing the following URL:
`192.168.56.102:8980/opennms/notification/acknowledge?redirect=http://google.com¬ices=1`
The third issue can be exploited via the GET parameter `redirect` by accessing the following URL:
`http://192.168.56.102:8980/opennms/alarm/acknowledgeByFilter?redirect=http://google.com&actionCode=unack`
For more information about fixing an OpenRedirect see: