2021-05-04 00:15:00 2021-05-11 15:54:00

An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE
Advisory Patch Confirmed Link
https://github.com/opnsense/core/issues/4061