CVE-2023-28799 HIGH

Vendor: Zscaler
Product: Client Connector
Weakness: CWE-1287
Published: June 22, 2023
Last update: December 5, 2024

CVSS base score

8.2/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

A URL parameter in the login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after authentication and send the authorization token to the redirected domain.

Key dates

02 Disclosure timeline

June 22, 2023: CVE published
December 5, 2024: Record updated