Home

Description

Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts.

PUBLISHED Reserved 2024-12-06 | Published 2025-09-30 | Updated 2025-09-30 | Assigner mitre

References

github.com/corezoid/helm

medium.com/...oauth2-redirect-uri-open-redirect-9dd78bc337a3

cve.org (CVE-2024-55017)

nvd.nist.gov (CVE-2024-55017)

Download JSON