What is CVE-2024-21641?

CVE-2024-21641 is a medium-severity vulnerability in Flarum Framework, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.5/10. Published 2024-01-05.

How severe is CVE-2024-21641?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2024-21641 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Open Redirect in Flarum Framework

CVE-2024-21641

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redire…

Vulnerability class: Open Redirect

EPSS: 0.391 (97.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.

Affected products

Flarum Framework — versions < 1.8.5

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr (x_refsource_CONFIRM)
https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a (x_refsource_MISC)
https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-21641?: CVE-2024-21641 is a medium-severity vulnerability in Flarum Framework, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.5/10. Published 2024-01-05.
How severe is CVE-2024-21641?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2024-21641 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.