CVE-2024-55017
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-30
Last updated on: 2025-10-02
Assigner: MITRE
Description
Description
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| corezoid | corezoid | 6.6.0 |
| corezoid | corezoid | 6.8.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Account Takeover issue in Corezoid 6.6.0's OAuth2 implementation. It occurs due to an open redirect in the redirect_uri parameter, which allows attackers to intercept authorization codes and gain unauthorized access to victim accounts.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can intercept authorization codes and take over user accounts without authorization, potentially leading to unauthorized access to sensitive information or services associated with those accounts.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70