CVE-2024-21641 Scanner
CVE-2024-21641 Scanner - Open Redirect vulnerability in Flarum
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 10 hours
Scan only one: URL
Toolbox: -
Flarum is an open-source discussion platform designed for creating modern online forums. It is lightweight, fast, and customizable, making it a popular choice for developers and businesses seeking a flexible forum solution. Flarum offers a rich ecosystem of extensions and themes, making it highly extendable. The software is user-friendly, with a simple interface and built-in support for various languages. Flarum's extensibility allows it to be integrated into different website environments while maintaining a focus on ease of use. Despite its advantages, Flarum users should be aware of security vulnerabilities that may affect the platform.
This vulnerability affects Flarum's `/logout` route, which accepts a `return` parameter naming where to send the browser after logout. Prior to version 1.8.5, the logout feature was vulnerable to an open redirect: an attacker could set the `return` parameter in a logout URL so that users were redirected to a site of the attacker's choosing. Logged-in users had to confirm the logout first, but guests were redirected immediately to the specified URL. This lets attackers send users to external, potentially harmful websites while leveraging the trusted domain of the Flarum installation. The issue was fixed in Flarum version 1.8.5.
The vulnerability is triggered when a user visits the `/logout` route with a `return` parameter that points to an external URL. The application redirected the user to that URL without checking whether the destination was safe; the root cause is that the `return` parameter was not validated to ensure it pointed back to the Flarum installation itself rather than to an external site. Logged-in users had to confirm the logout, but guests were redirected immediately. Open redirects of this kind can be exploited by spammers or attackers to lure users onto malicious websites by trading on the trust users place in the Flarum domain.
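The two things a defender wants here are the check that was missing (a `return` value must stay on the forum's own host) and a way to find abuse of the unvalidated route in existing web server logs. The following is an added example written for this page; it is not Flarum's code or its 1.8.5 fix, and it is in Python rather than Flarum's PHP so it can be run stand-alone. The host name `forum.example.com`, the function names, and the access-log lines are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed host of the Flarum installation (constructed, not from the page).
TRUSTED_HOST = "forum.example.com"

# Matches the request part of an Apache/nginx combined-format access-log line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_safe_return(return_value, trusted_host=TRUSTED_HOST):
    """Return True only if a post-logout redirect target stays on trusted_host.

    Accepts an empty value (go to the homepage), an absolute path on this
    site ("/d/42"), or a full http(s) URL whose host equals trusted_host.
    Rejects anything else: other hosts, scheme-relative "//evil.example",
    backslash variants browsers treat like "//", userinfo tricks such as
    "https://forum.example.com@evil.example/", and non-http schemes.
    """
    if not return_value:
        return True
    value = return_value.strip()
    # Control characters could corrupt the Location header; refuse them.
    if any(c in value for c in "\r\n\t\x00"):
        return False
    # Browsers normalise a leading backslash to a slash, so "\\evil" == "//evil".
    if value.startswith("\\") or value.startswith("/\\"):
        return False
    parts = urlsplit(value)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, etc.
    if parts.netloc:
        # .hostname drops userinfo and port and lower-cases the host.
        return (parts.hostname or "") == trusted_host.lower()
    # No host component: must be a site-absolute path, not scheme-relative.
    return value.startswith("/") and not value.startswith("//")


def find_offsite_logout_redirects(log_lines, trusted_host=TRUSTED_HOST):
    """Scan access-log lines for /logout requests whose `return` parameter
    points off the trusted host. Returns a list of (request_target, return_value).
    """
    findings = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        parts = urlsplit(target)
        # Match the logout route even if Flarum is installed under a sub-path.
        if not parts.path.endswith("/logout"):
            continue
        # parse_qs percent-decodes the value, so "%2F%2Fevil" becomes "//evil".
        for ret in parse_qs(parts.query).get("return", []):
            if not is_safe_return(ret, trusted_host):
                findings.append((target, ret))
    return findings


# Constructed sample log lines: one legitimate in-site return, two off-site
# targets of the kind the unvalidated route would have followed, one unrelated hit.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2024:12:00:01 +0000] "GET /logout?return=%2Fd%2F42 HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jan/2024:12:00:02 +0000] "GET /logout?return=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jan/2024:12:00:03 +0000] "GET /logout?return=%2F%2Fevil.example HTTP/1.1" 302 0',
    '198.51.100.2 - - [10/Jan/2024:12:00:04 +0000] "GET /d/42-hello HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for target, ret in find_offsite_logout_redirects(SAMPLE_LOG):
        print(f"off-site logout redirect: {target!r} -> {ret!r}")
```

Run against real logs, the detector only tells you that someone requested an off-site `return`; whether the server actually followed it depends on the Flarum version, so pair the findings with the version check the scanner performs. The validator is deliberately an allow-list (same host or site-absolute path), not a deny-list of known bad hosts, because deny-lists are what open-redirect bypasses are built around.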
If exploited, this vulnerability can lead to phishing, spam, or other social engineering attacks. By redirecting users to malicious websites, attackers can potentially steal sensitive data, deliver malware, or deceive users into performing harmful actions. It can also damage the reputation of a Flarum installation by making it appear unreliable or insecure to its users. Although the impact is rated medium, the risk is significant when such a redirect is chained with other attacks. It is particularly concerning for installations that hold sensitive information or are used for business or community engagement.