ID CVE-2019-3912
Summary An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.
References
Vulnerable Configurations
  • cpe:2.3:a:labkey:labkey_server:1.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:1.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:1.4:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:1.5:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:1.6:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:1.7:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:2.0:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:2.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:2.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:2.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:8.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:8.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:8.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:9.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:9.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:9.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:10.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:10.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:10.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:11.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:11.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:11.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:12.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:12.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:12.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:13.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:13.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:13.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:14.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:14.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:14.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:15.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:15.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:15.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:16.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:16.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:16.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:17.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:17.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:17.3:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:18.1:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:18.2:*:*:*:community:*:*:*
  • cpe:2.3:a:labkey:labkey_server:18.3:*:*:*:community:*:*:*
CVSS
Base: 5.8 (as of 03-12-2022 - 14:46)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
misc https://www.tenable.com/security/research/tra-2019-03
Last major update 03-12-2022 - 14:46
Published 30-01-2019 - 20:29
Last modified 03-12-2022 - 14:46