Description
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
Remediation
References
https://lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621%40%3Cdev.sling.apache.org%3E
Related Vulnerabilities
CVE-2013-6447 Vulnerability in maven package org.jboss.seam:jboss-seam-remoting
CVE-2021-32050 Vulnerability in npm package mongodb
CVE-2022-0235 Vulnerability in npm package node-fetch
CVE-2011-4343 Vulnerability in maven package org.apache.myfaces.core:myfaces-api
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:tomcat-jasper