CVE-2021-32645 — MEDIUM (6.1)

Q: How severe is CVE-2021-32645?

CVE-2021-32645 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-32645?

Check the references section above for vendor advisories and patch information. Affected products include: Tenancy Multi-Tenant.

Vulnerability Description

Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have `force_https` set to `true` (default: `false`). Version 5.7.2 contains the relevant patches to fix this bug. Stripping the URL from special characters to prevent specially crafted URL's from being redirected to. As a work around users can set the `force_https` to every tenant to `false`, however this may degrade connection security.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Tenancy	Multi-Tenant	>= 5.6.0, < 5.7.2

Related Weaknesses (CWE)

CWE-601

References

https://github.com/tenancy/multi-tenant/commit/9c837a21bccce9bcaeb90033ef200d84fPatchThird Party Advisory
https://github.com/tenancy/multi-tenant/security/advisories/GHSA-4r8q-gv9j-3xx6MitigationThird Party Advisory
https://packagist.org/packages/hyn/multi-tenantProductThird Party Advisory
https://webmasters.googleblog.com/2009/01/open-redirect-urls-is-your-site-being.Third Party Advisory
https://github.com/tenancy/multi-tenant/commit/9c837a21bccce9bcaeb90033ef200d84fPatchThird Party Advisory
https://github.com/tenancy/multi-tenant/security/advisories/GHSA-4r8q-gv9j-3xx6MitigationThird Party Advisory
https://packagist.org/packages/hyn/multi-tenantProductThird Party Advisory
https://webmasters.googleblog.com/2009/01/open-redirect-urls-is-your-site-being.Third Party Advisory

FAQ

What is CVE-2021-32645?

CVE-2021-32645 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to ...

How severe is CVE-2021-32645?

CVE-2021-32645 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32645?

Check the references section above for vendor advisories and patch information. Affected products include: Tenancy Multi-Tenant.