CVE-2023-28799

Summary

A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.

Affected Software

VendorProductVersion RangeStatus
ZscalerClient Connector0 < 3.9 Mac, 3.7 Win, 1.9.3 iOS, 1.10.2 Android, 1.10.1 Chrome OS, 1.4 Linuxaffected

Weaknesses

  • CWE-1287: CWE-1287

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References