How severe is CVE-2019-11269?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2019-11269?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2019-11269 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.

Related Vulnerabilities

CVE-2018-11784

MEDIUM

CVSS:4.3(Medium)

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/fo...

CWE-6012018

CVE-2018-5304

MEDIUM

CVSS:4.3(Medium)

An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web applic...

CWE-6012018

CVE-2019-14403

MEDIUM

CVSS:4.3(Medium)

cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483).

CWE-6012019

CVE-2019-1954

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerabi...

CWE-6012019

CVE-2020-1059

MEDIUM

CVSS:4.3(Medium)

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'.

CWE-6012020

CVE-2020-3311

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability i...

CWE-6012020