CVE-2024-7211 MEDIUM

CVE-2024-7211: The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.

Vendor 1E
Product 1E Platform
Published August 1, 2024
Last update June 18, 2025

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

Key dates

02 Disclosure timeline

August 1, 2024 CVE published
June 18, 2025 Record updated