LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not validating the value of the redirect as being within LORIS, which could be used to trick users into visiting arbitrary URLs if they are given a link with a third party redirect parameter. This vulnerability is fixed in 27.0.3 and 28.0.1.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v3.1
Weakness Type (CWE)
References 4
https://github.com/aces/Loris/commit/f57f54b42a076bf53ba86e20d4dbf37f63538f58
security-advisories@github.com
https://github.com/aces/Loris/releases/tag/v27.0.3
security-advisories@github.com
https://github.com/aces/Loris/releases/tag/v28.0.1
security-advisories@github.com
https://github.com/aces/Loris/security/advisories/GHSA-rch2-f5fw-cg95
security-advisories@github.com