Unprotected Transport of Credentials

Property
Language: python
Severity: low
CWE: CWE-523: Unprotected Transport of Credentials
OWASP: A02:2017 - Broken Authentication
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The code sends authentication credentials over plain HTTP, which does not encrypt the data. This means usernames and passwords can be intercepted by anyone monitoring the network.

Impact

If exploited, attackers can capture login credentials in transit, leading to unauthorized access to user accounts or sensitive systems. This compromises user privacy and can result in data breaches or further attacks within your application or organization.

Unsafe sysctl options set

Property
Language: terraform
Severity: medium
Vulnerability Type: misconfiguration

Description

The configuration sets unsafe sysctl options in Kubernetes pod security contexts, allowing modification of kernel parameters that are not part of the allowed safe subset. This can weaken isolation between pods and potentially disable important security mechanisms.

Impact

Exploiting unsafe sysctl settings can let attackers interfere with kernel-level behavior, affect other containers on the same host, and bypass security boundaries, increasing the risk of container breakout, denial of service, or broader system compromise.

URL Redirection to Untrusted Site (‘Open Redirect’)

Property
Language: csharp
Severity: medium
CWE: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Medium

Description

The application redirects users to a URL specified by a query parameter without verifying whether it is a safe, local address. This allows attackers to craft links that send users to malicious websites.

Impact

Exploiting this flaw, attackers can trick users into leaving your site for phishing pages or other harmful destinations, potentially leading to credential theft, loss of user trust, and reputational damage to your organization.

URL Redirection to Untrusted Site (‘Open Redirect’)

Property
Language: go
Severity: high
CWE: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
Confidence Level: High
Impact Level: Medium
Likelihood Level: Medium

Description

The code constructs HTTP redirects using values taken directly from user input, without validating or restricting the destination URL. This allows attackers to craft links that redirect users to untrusted or malicious websites.

Impact

If exploited, attackers can trick users into visiting phishing sites or downloading malware by making redirects appear to originate from your application. This undermines user trust, can lead to credential theft, and may damage the application’s reputation.

URL Redirection to Untrusted Site (‘Open Redirect’)

Property
Language: java
Severity: medium
CWE: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP: A01:2021 - Broken Access Control
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Medium

Description

The application redirects users to URLs specified by unvalidated user input, such as query parameters. This means attackers can supply their own URLs and cause users to be redirected to malicious or unintended sites.

Impact

If exploited, attackers can trick users into visiting phishing or malicious websites by crafting links that appear to come from your application. This can lead to credential theft, loss of user trust, or facilitate further attacks like session hijacking.

URL Redirection to Untrusted Site (‘Open Redirect’)

Property
Language: java
Severity: medium
CWE: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP: A01:2021 - Broken Access Control
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The application redirects users to URLs provided directly by user input without validating or restricting the destination. This allows attackers to craft links that send users to malicious external sites via your application’s redirect feature.

Impact

Exploiting this vulnerability, attackers can trick users into trusting and clicking malicious links that appear to come from your site, leading to phishing attacks, credential theft, or loss of user trust. It can also undermine the security reputation of your application.

URL Redirection to Untrusted Site (‘Open Redirect’)

Property
Language: typescript
Severity: low
CWE: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code passes untrusted user input directly as the URL parameter when issuing a redirect from a NestJS controller. This lets attackers control the destination of the redirect, resulting in an Open Redirect vulnerability.

Impact

An attacker could trick users into visiting malicious websites by crafting links that appear to come from your application. This can result in phishing attacks, loss of user trust, and potential compromise of user accounts or sensitive data.

URL Redirection to Untrusted Site (‘Open Redirect’)

Property
Language: javascript
Severity: low
CWE: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

User-supplied input is used directly in a redirect, which lets attackers control the destination URL. If the input is not properly validated, users can be redirected to malicious sites.

Impact

An attacker could craft links that send users to phishing or malicious sites through your application’s redirects, leading to potential credential theft, loss of user trust, or exploitation of users. This can also be abused to bypass certain access controls or security policies.

URL Redirection to Untrusted Site (‘Open Redirect’)

Property
Language: javascript
Severity: high
CWE: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP: A01:2021 - Broken Access Control
Confidence Level: High
Impact Level: Medium
Likelihood Level: High

Description

The application redirects users to URLs provided directly from request data (such as query parameters or headers) without validating them. This allows attackers to craft links that send users to malicious websites.

Impact

If exploited, attackers can trick users into visiting fraudulent or harmful sites, which can lead to phishing attacks, credential theft, or loss of user trust. This also puts the application’s reputation at risk and may aid further attacks against your users.

URL Redirection to Untrusted Site (‘Open Redirect’)

Property
Language: javascript
Severity: low
CWE: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The application uses user-controlled input to set the destination of a window redirection (e.g., via location.href or location.replace) without validating the input. This allows attackers to redirect users to malicious sites or, through a javascript: URL, to inject JavaScript code.

Impact

If exploited, attackers could trick users into visiting phishing or malicious sites, leading to credential theft or malware installation. In some cases, they could inject JavaScript via specially crafted links, potentially enabling Cross-Site Scripting (XSS) attacks and compromising user data or site integrity.