Description
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
Remediation
References
https://lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621%40%3Cdev.sling.apache.org%3E
Related Vulnerabilities
CVE-2021-32624 Vulnerability in npm package keystone
CVE-2023-25499 Vulnerability in maven package com.vaadin:vaadin
CVE-2017-12616 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2017-2606 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2016-8741 Vulnerability in maven package org.apache.qpid:qpid-broker-core