CVE-2021-42357

CVE-2021-42357: DOM based XSS Vulnerability in Apache Knox

Vendor Apache Software Foundation

Product Apache Knox

Weakness CWE-79 · XSS

Published January 17, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign.

Key dates

Disclosure timeline

January 17, 2022 CVE published

August 4, 2024 Record updated

Identifiers

CVE CVE-2021-42357

CWE CWE-79

Affected versions

Vendor Apache Software Foundation

Product Apache Knox

Affected ≥ Apache Knox 1.x and < 1.6.1

Vendor Apache Software Foundation

Product Apache Knox

Affected ≥ 0.12.0 and < Apache Knox 0.x*