CVE-2024-7902
📋 TL;DR
This vulnerability allows attackers to redirect users to malicious websites by manipulating the 'source' parameter in the PKP OJS login/signOut endpoint. It affects all PKP OJS installations up to version 3.4.0-6. The attack can be launched remotely without authentication.
💻 Affected Systems
- PKP Open Journal Systems (OJS)
📦 What is this software?
Open Journal Systems by Public Knowledge Project
⚠️ Risk & Real-World Impact
Worst Case
Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.
Likely Case
Attackers use the redirect for phishing campaigns targeting journal users, potentially stealing login credentials or session tokens.
If Mitigated
With proper web application firewalls and user education about suspicious URLs, impact is limited to failed phishing attempts.
🎯 Exploit Status
Exploit has been publicly disclosed and requires minimal technical skill to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Upgrade to a version beyond 3.4.0-6 if available, or implement workarounds.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation that rejects or sanitizes any 'source' parameter value pointing to an external domain.
Modify the /login/signOut endpoint code to validate the 'source' parameter against an allowlist of permitted destinations.
Web Application Firewall Rule
Block requests to /login/signOut whose 'source' parameter carries suspicious values.
WAF rule: Block if request_uri contains '/login/signOut' and args contains 'source' with value matching '.*\\.example\\..*'
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to restrict redirect destinations
- Monitor and block suspicious redirect patterns in web server logs
🔍 How to Verify
Check if Vulnerable:
Test by requesting /login/signOut?source=http://malicious.example.com and checking whether the response redirects to that external host.
Check Version:
Check OJS version in admin panel or via system information endpoint
Verify Fix Applied:
After implementing fixes, test that redirects to external domains are blocked or sanitized
📡 Detection & Monitoring
Log Indicators:
- HTTP 302 redirects from /login/signOut to external domains
- Unusual 'source' parameter values in access logs
Network Indicators:
- Outbound connections to unexpected domains following OJS login/logout
SIEM Query:
source="web_server" AND uri="/login/signOut" AND (status=302 OR status=301) AND referer contains "source="
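The following Python is an added illustration, not code from OJS or from this advisory. It shows the two defensive pieces the workaround and detection sections describe: an allowlist-based check for a 'source'-style return parameter that keeps redirects on the site (covering scheme-relative `//host`, backslash, userinfo and non-http scheme variants that a bare domain regex would miss), and a scan over constructed access-log lines that reports /login/signOut requests whose 'source' points off-site. The allowed host `journal.example.org`, the journal-prefixed request path and the log lines are all constructed assumptions.

```python
"""Open-redirect defence and log detection for a 'source' return parameter (illustrative, not OJS code)."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist of hosts the site may redirect to (assumption, not from OJS).
ALLOWED_HOSTS = {"journal.example.org"}


def safe_redirect_target(source, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return a redirect target guaranteed to stay on the site.

    Accepts only site-relative paths (single leading '/') or absolute http(s)
    URLs whose host is in allowed_hosts; anything else yields `fallback`.
    """
    if not isinstance(source, str) or not source:
        return fallback
    # Control characters enable header injection; browsers treat '\' as '/'.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in source) or "\\" in source:
        return fallback
    parts = urlsplit(source)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return fallback  # javascript:, data:, etc.
    if parts.netloc:
        # Absolute or scheme-relative ("//evil.example") URL: host must be allowed.
        # .hostname strips userinfo and port, so "allowed@evil.example" is caught.
        host = (parts.hostname or "").lower()
        return source if host in allowed_hosts else fallback
    # No host: require a site-relative path, rejecting "//..." and "///..." forms.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return fallback
    return source


# Apache/Nginx "combined" log format (assumed layout).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def find_external_signout_redirects(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (ip, timestamp, status, source) for /login/signOut requests whose
    'source' would leave the site. The 'source' value is percent-decoded first."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path, _, query = m.group("uri").partition("?")
        # OJS prefixes the journal path, so match on the endpoint suffix.
        if not path.endswith("/login/signOut"):
            continue
        for src in parse_qs(query).get("source", []):
            if safe_redirect_target(src, allowed_hosts) != src:
                hits.append((m.group("ip"), m.group("ts"), m.group("status"), src))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /index.php/jrnl/login/signOut?source=%2Fuser%2Fprofile HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2024:13:56:01 +0000] "GET /index.php/jrnl/login/signOut?source=http%3A%2F%2Fmalicious.example.com%2Flogin HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2024:13:57:12 +0000] "GET /index.php/jrnl/login/signOut?source=%2F%2Fevil.example HTTP/1.1" 302 0 "-" "curl/8.0"',
    '198.51.100.5 - - [10/Oct/2024:13:58:40 +0000] "GET /index.php/jrnl/issue/current HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_external_signout_redirects(SAMPLE_LOG):
        print("off-site signOut redirect:", hit)
```

The validator is the durable fix: a WAF regex keyed to a particular domain only catches that domain, while the allowlist rejects every destination the site did not explicitly sanction. The log scan reuses the same check, so a value that the application would refuse is exactly the value that gets flagged in detection.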