THREATINT
PUBLISHED

CVE-2025-46826

insa-auth Open-Redirect on provided CAS server login endpoint



Description

insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025.

Reserved 2025-04-30 | Published 2025-05-07 | Updated 2025-05-08 | Assigner GitHub_M


LOW: 1.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L

Problem types

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Product status

< 2025-05-03: affected

References

github.com/...a-auth/security/advisories/GHSA-63xr-gvjv-r6xv

github.com/...ommit/8c1e68b2fb55aa952f522ead55a6587526982a2c

github.com/...ommit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced

github.com/...ommit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d

cve.org (CVE-2025-46826)

nvd.nist.gov (CVE-2025-46826)
