Executive Summary

This vulnerability exists in Miniflux 2 versions 2.2.14 and below, where the application treats redirect_url as safe if url.Parse(...).IsAbs() returns false. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass this check, allowing attackers to craft post-login redirects to malicious sites, enabling phishing attacks after login. The issue is fixed in version 2.2.15.

Useful 0 Not Useful 0

Impact Analysis

An attacker can exploit this vulnerability to redirect users after login to attacker-controlled websites, potentially leading to phishing attacks. This can compromise user trust, expose users to malicious content, and result in credential theft or other security breaches.

Useful 0 Not Useful 0

Mitigation Strategies

Upgrade Miniflux to version 2.2.15 or later, as this version fixes the vulnerability related to unsafe handling of redirect_url. Avoid using versions 2.2.14 and below.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if your Miniflux v2 instance is running version 2.2.14 or below, as these versions are vulnerable. Additionally, you can monitor HTTP requests to the login endpoint for the presence of the `redirect_url` parameter containing protocol-relative URLs (e.g., URLs starting with `//`). For example, you can use network traffic inspection tools like tcpdump or Wireshark to filter requests with such parameters. A sample command to capture such HTTP requests using tcpdump might be: `tcpdump -A -s 0 'tcp port 80 or tcp port 443' | grep 'redirect_url=//'`. Alternatively, you can review server logs for login requests containing `redirect_url=//`. There is no specific built-in command provided in the resources, but these general network inspection methods can help detect exploitation attempts. [2]

Useful 0 Not Useful 0