CVE-2023-28799

Severity CVSS v4.0:
Pending analysis
Type:
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
22/06/2023
Last modified:
17/10/2024

Description

A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:* 1.4 (excluding)
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:iphone_os:*:* 1.9.3 (excluding)
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:chrome_os:*:* 1.10.1 (excluding)
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:android:*:* 1.10.2 (excluding)
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:* 3.7 (excluding)
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:* 3.9 (excluding)