CVE-2024-39097

6.1 MEDIUM

📋 TL;DR

This CVE describes an open redirect vulnerability in Gnuboard v6.0.4 and earlier. The login route accepts a 'url' parameter and redirects to it after a successful login without checking that the target stays on the site, so an attacker can hand a victim a login link on the legitimate host that lands them on an attacker-controlled page once they have logged in. All installations running a vulnerable version are affected.

💻 Affected Systems

Products:
  • Gnuboard
Versions: v6.0.4 and below
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with the vulnerable login component are affected.

📦 What is this software?

Gnuboard is an open-source bulletin board and community site platform that is widely deployed in Korea. Gnuboard 6 (g6) is the Python/FastAPI rewrite of the original PHP codebase, developed at https://github.com/gnuboard/g6; the 'url' login parameter affected by this CVE belongs to that version.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could redirect authenticated users to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.

🟠

Likely Case

Attackers embed the crafted login link in phishing campaigns. Because the link points at the legitimate Gnuboard host, users who log in are then redirected to an attacker page that imitates the site (for example a fake "session expired, log in again" form) and harvests the credentials they re-enter. The redirect itself does not expose the session cookie of the Gnuboard host, which the attacker's domain cannot read; the damage comes from what the user does on the destination page.

🟢

If Mitigated

With proper input validation and URL whitelisting, the impact is limited to failed redirect attempts with no security compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attacker needs no account on the target: exploitation is a single crafted link with a manipulated 'url' parameter. It does require user interaction, since a victim must follow the link and log in before the redirect fires.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit eb52096f8328a891879066400f4599d1153d8bf2

Vendor Advisory: https://github.com/gnuboard/g6/issues/557

Restart Required: Yes. The application process must be restarted (or the service redeployed) so that the patched code is loaded.

Instructions:

1. Update to the latest Gnuboard 6 release.
2. If you cannot move to a newer release, apply the patch from commit eb52096f8328a891879066400f4599d1153d8bf2 to your installation.
3. Verify that the 'url' parameter is validated before the login redirect is issued (see How to Verify below).

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Add server-side validation that accepts only site-relative paths (a single leading "/") or URLs whose host is on an explicit allow-list in the 'url' parameter, and falls back to the default landing page for anything else.

Modify the login route handler so it validates the 'url' parameter before issuing the redirect (Gnuboard 6 is the Python/FastAPI rewrite, so there is no login.php to edit).
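The check this workaround describes, written out as an added example in Python (Gnuboard 6 is a Python application). This is not g6's own code and does not reproduce its login route: the allow-list, the default landing page and the two stand-in handler functions are assumptions made for the example. It covers the bypasses that defeat a naive "does it start with http://" filter: protocol-relative targets, backslashes (which browsers treat as slashes), triple slashes (which urlsplit parses as a relative path but browsers resolve to a host), userinfo tricks, and scheme-only forms like https:evil.com.

```python
from urllib.parse import urlsplit

# Hosts this deployment may redirect to. This allow-list is an assumption for
# the example; a real deployment derives it from its own site configuration.
ALLOWED_HOSTS = {"forum.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(url, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `url` if it is safe to redirect to after login, else `default`.

    Accepts only (a) site-relative paths that start with a single "/" or
    (b) https URLs whose hostname is in `allowed_hosts`. Everything else,
    including the classic open-redirect bypasses, falls back to `default`.
    """
    if not url:
        return default
    # Browsers strip leading/trailing whitespace before parsing a Location value.
    candidate = url.strip()
    # CR/LF or other control characters have no place in a redirect target
    # and could be used to splice headers or confuse the parser.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return default
    # Browsers treat "\" like "/" in http(s) URLs, so "/\evil.com" is really
    # "//evil.com" and "https://evil.com\@forum.example.com" has host evil.com.
    # Normalise first so the checks below see what the browser will see.
    candidate = candidate.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:          # e.g. malformed IPv6 literal in the netloc
        return default

    if not parts.scheme and not parts.netloc:
        # A site-relative path. urlsplit() leaves the netloc empty for
        # "///evil.com", yet browsers resolve that to host evil.com, so
        # any leading "//" is rejected regardless of what urlsplit says.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default

    # Absolute or protocol-relative URL: only https to an allow-listed host.
    # parts.hostname strips userinfo and port, so
    # "https://forum.example.com@evil.com" yields "evil.com" and is refused,
    # and "https:evil.com" (no netloc, hostname None) is refused as well.
    if parts.scheme == "https" and (parts.hostname or "").lower() in allowed_hosts:
        return candidate
    return default


# Minimal stand-ins for a login handler (assumed shape, not g6's code): the
# vulnerable form trusts the parameter, the fixed form filters it first.
def vulnerable_login_redirect(url):
    return url or DEFAULT_TARGET


def fixed_login_redirect(url):
    return safe_redirect_target(url)


if __name__ == "__main__":
    probes = ["/board/free?wr_id=1", "http://evil.com", "//evil.com", "///evil.com",
              "/\\evil.com", "https:evil.com", "https://forum.example.com@evil.com/",
              "https://forum.example.com/board"]
    for probe in probes:
        print(f"{probe!r:42} vulnerable -> {vulnerable_login_redirect(probe)!r:42} "
              f"fixed -> {fixed_login_redirect(probe)!r}")
```

The hardened form deliberately returns the default page rather than an error: a failed check on a redirect parameter is not worth breaking the login flow for, and a silent fallback gives an attacker nothing to probe. Protocol-relative targets are refused even for allow-listed hosts; if you need them, resolve them against the site's https origin before applying the host check rather than passing them through.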

WAF Rule

Platform: all

Implement a web application firewall rule that blocks login requests whose 'url' parameter would redirect the user to an external domain.

Add WAF rule: block requests to /login whose 'url' parameter begins with a scheme ('http://', 'https://', or any other 'scheme:' prefix), with '//' or '\' (protocol-relative and backslash forms), or with more than one leading slash, unless the target host is on your allow-list. A rule that only matches 'http://' and 'https://' is trivially bypassed with '//evil.com'.

🧯 If You Can't Patch

  • Do not rely on Content Security Policy for this: CSP governs what a page may load and where forms may submit, not the Location of a server-side 3xx redirect, so a CSP header does not stop the redirect
  • Strip or rewrite the 'url' parameter at the reverse proxy so the login route only ever receives a site-relative path
  • Monitor web server logs for redirect responses from the login endpoint whose 'url' parameter names an external host, and block the requesting sources

🔍 How to Verify

Check if Vulnerable:

Open the login page with an off-site 'url' value, e.g. /login?url=http://evil.com, log in, and check whether the response is a 3xx redirect whose Location header points at evil.com. Also try the common bypass forms (//evil.com, /\evil.com, ///evil.com, https:evil.com): a filter that only rejects 'http://' and 'https://' prefixes passes them.

Check Version:

Check Gnuboard version in admin panel or via file version metadata

Verify Fix Applied:

After patching, repeat the same requests (including the bypass forms) and verify that the redirect stays on the site or falls back to the default landing page.

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in access logs
  • Login requests whose 'url' parameter carries an absolute URL, a protocol-relative '//' prefix, a backslash, or a host that is not yours

Network Indicators:

  • HTTP 3xx redirects from the login endpoint whose Location header points at an external domain
  • Referer headers from external or unknown sites on login requests

SIEM Query:

source="web_logs" AND uri_path="/login" AND query_string="*url=*" AND status>=300 AND status<400

Match any 3xx rather than only 302, because frameworks differ in which redirect code they emit (Starlette's RedirectResponse, which FastAPI applications use, defaults to 307). The query is a broad first pass: legitimate logins also carry a 'url' parameter, so inspect the decoded value and keep only hits whose target host is not your own.
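The SIEM query above as executable detection logic, added here as an example that is not part of the advisory or the project. It runs the same test over constructed combined-format access-log lines (sample data, not real traffic), matches any 3xx rather than only 302, and decodes the 'url' value to decide whether it actually points off-site, which the query's wildcard cannot do. SITE_HOSTS, the log format and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hostnames that count as "this site". Assumption for the example.
SITE_HOSTS = {"forum.example.com"}

# Combined log format as written by nginx/Apache; only the fields needed
# for this check are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample access-log lines, not real traffic. Lines 2 and 3 carry an
# off-site 'url' and received a redirect; line 4 carries one but the login
# failed (200, form re-rendered); line 5 redirects to an allowed host.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2024:10:01:02 +0000] "GET /login?url=%2Fboard%2Ffree HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jul/2024:10:01:09 +0000] "GET /login?url=http%3A%2F%2Fevil.example%2Fphish HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2024:10:02:15 +0000] "POST /login?url=%2F%2Fevil.example HTTP/1.1" 303 0 "https://forum.example.com/login" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2024:10:03:00 +0000] "POST /login?url=https%3A%2F%2Fevil.example HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jul/2024:10:04:30 +0000] "GET /login?url=https%3A%2F%2Fforum.example.com%2Fboard%2Ffree HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jul/2024:10:04:31 +0000] "GET /board/free HTTP/1.1" 200 8810 "https://forum.example.com/login" "Mozilla/5.0"
"""


def is_offsite(target, site_hosts=SITE_HOSTS):
    """True if a redirect target would leave the site: absolute URLs,
    protocol-relative, backslash or triple-slash forms pointing outside site_hosts."""
    t = target.strip().replace("\\", "/")   # browsers treat "\" as "/"
    try:
        p = urlsplit(t)
    except ValueError:
        return True
    if not p.scheme and not p.netloc:
        # Plain relative path, except "///host": urlsplit leaves its netloc
        # empty while browsers resolve it to host, so flag any leading "//".
        return t.startswith("//")
    return (p.hostname or "").lower() not in site_hosts


def find_external_redirects(log_text, site_hosts=SITE_HOSTS):
    """Return (ip, method, url_param) for redirect responses from /login whose
    decoded 'url' parameter points off-site."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        req = urlsplit(m["target"])
        # Any 3xx, not just 302: frameworks differ in the code they emit.
        if req.path != "/login" or not 300 <= int(m["status"]) < 400:
            continue
        for raw in parse_qs(req.query).get("url", []):
            if is_offsite(raw, site_hosts):
                hits.append((m["ip"], m["method"], raw))
    return hits


if __name__ == "__main__":
    for ip, method, target in find_external_redirects(SAMPLE_LOG):
        print(f"{ip} {method} /login redirected off-site to {target!r}")
```

The 200 on line 4 is worth keeping in view when tuning alerts: a failed login with a malicious 'url' is still an attacker probing or a victim who did not enter credentials, so a second, lower-severity rule that ignores the status filter catches the campaign before anyone is actually redirected.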
