
CVE-2024-53995


Vulnerability Description

SickChill is an automatic video library manager for TV shows. The `next_` parameter of the user-controlled `login` endpoint accepts arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, resulting in an open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.
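The sketch below is an added example, not SickChill's code. It contrasts the pre-fix behaviour described above with the patched behaviour and with an alternative check that accepts only local paths. The function names and the `/home/` value standing in for `settings.DEFAULT_PAGE` are assumptions.

```python
from urllib.parse import urlsplit

# Assumed stand-in for settings.DEFAULT_PAGE; the real value is not on this page.
DEFAULT_PAGE = "/home/"


def redirect_target_prefix(next_value):
    """Pre-fix behaviour as described: the login handler trusts `next`."""
    return next_value or DEFAULT_PAGE


def redirect_target_patched(next_value):
    """Behaviour described for the fix: `next` is ignored entirely."""
    return DEFAULT_PAGE


def redirect_target_validated(next_value, default=DEFAULT_PAGE):
    """Alternative hardening (not the project's fix): keep `next`,
    but only when it is an absolute path on the same origin."""
    if not next_value:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs,
    # so any backslash or control character disqualifies the value.
    if "\\" in next_value or any(ord(c) < 0x20 for c in next_value):
        return default
    parts = urlsplit(next_value)
    # A scheme or host means the target leaves this application.
    if parts.scheme or parts.netloc:
        return default
    # Must be rooted at "/" and must not be protocol-relative ("//host").
    if not next_value.startswith("/") or next_value.startswith("//"):
        return default
    return next_value


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    samples = [
        "/config/general/",
        "https://other.example/login",
        "//other.example/",
        "/\\other.example/",
        "javascript:void(0)",
        "",
    ]
    for s in samples:
        print(repr(s), "->", redirect_target_validated(s))
```

Ignoring `next`, as the fix does, removes the parameter from the trust decision altogether; the validating variant preserves deep links after login at the cost of a check that has to be kept correct.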

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-53995?

CVE-2024-53995 is a documented vulnerability. SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, ...

How severe is CVE-2024-53995?

CVSS scoring is not yet available for CVE-2024-53995. Check NVD for updates.

Is there a patch for CVE-2024-53995?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.