{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T17:51:49.424","vulnerabilities":[{"cve":{"id":"CVE-2025-54066","sourceIdentifier":"security-advisories@github.com","published":"2025-07-17T15:15:27.873","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a `redirect` field which is the location where the server will redirect the user. This URI is not verified, and can be an arbitrary URI. Paired with a parameter pollution, an attacker can hide their malicious URI. This could be used for phishing, and extract new data (such as redirecting to a new \"log in\" page, and asking another time credentials). Version 0.1.0-a8 fixes this vulnerability."},{"lang":"es","value":"DiracX-Web es una aplicación web que proporciona una interfaz para interactuar con los servicios de DiracX. En versiones anteriores a la 0.1.0-a8, un atacante podía falsificar una solicitud para redirigir a un usuario autenticado a otro sitio web arbitrario. En la página de inicio de sesión, DiracX-Web incluye un campo \"redirect\", que indica la ubicación a la que el servidor redirigirá al usuario. Esta URI no está verificada y puede ser arbitraria. Junto con la contaminación de parámetros, un atacante puede ocultar su URI maliciosa. Esto podría utilizarse para phishing y extraer nuevos datos (como redirigir a una nueva página de inicio de sesión y solicitar credenciales en otro momento). La versión 0.1.0-a8 corrige esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://diracx-cert.app.cern.ch/auth?redirect=https://ipcim.com/en/where/?dsdsd=qsqsfsjfnsfniizaeiaapzqlalkqkaizqqijsjaopmqmxna?redirect=https://diracx-cert-app.cern.ch/auth","source":"security-advisories@github.com"},{"url":"https://github.com/DIRACGrid/diracx-web/commit/eba3b7bc4f9d394074215986e6d3c15b546b25d5","source":"security-advisories@github.com"},{"url":"https://github.com/DIRACGrid/diracx-web/security/advisories/GHSA-hfj7-542q-8fvv","source":"security-advisories@github.com"}]}}]}