{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46826", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-30T19:41:58.135Z", "datePublished": "2025-05-07T21:32:30.865Z", "dateUpdated": "2025-05-08T13:42:58.179Z"}, "containers": {"cna": {"title": "insa-auth Open-Redirect on provided CAS server login endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 1.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L", "version": "4.0"}}], "references": [{"name": "https://github.com/INSAgenda/insa-auth/security/advisories/GHSA-63xr-gvjv-r6xv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/INSAgenda/insa-auth/security/advisories/GHSA-63xr-gvjv-r6xv"}, {"name": "https://github.com/INSAgenda/insa-auth/commit/8c1e68b2fb55aa952f522ead55a6587526982a2c", "tags": ["x_refsource_MISC"], "url": "https://github.com/INSAgenda/insa-auth/commit/8c1e68b2fb55aa952f522ead55a6587526982a2c"}, {"name": "https://github.com/INSAgenda/insa-auth/commit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced", "tags": ["x_refsource_MISC"], "url": "https://github.com/INSAgenda/insa-auth/commit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced"}, {"name": "https://github.com/INSAgenda/insa-auth/commit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d", "tags": ["x_refsource_MISC"], "url": "https://github.com/INSAgenda/insa-auth/commit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d"}], "affected": [{"vendor": "INSAgenda", "product": "insa-auth", "versions": [{"version": "< 2025-05-03", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-07T21:32:30.865Z"}, "descriptions": [{"lang": "en", "value": "insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025."}], "source": {"advisory": "GHSA-63xr-gvjv-r6xv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T13:41:37.345558Z", "id": "CVE-2025-46826", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T13:42:58.179Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46826", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T13:41:37.345558Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T13:42:47.492Z"}}], "cna": {"title": "insa-auth Open-Redirect on provided CAS server login endpoint", "source": {"advisory": "GHSA-63xr-gvjv-r6xv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1.3, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "INSAgenda", "product": "insa-auth", "versions": [{"status": "affected", "version": "< 2025-05-03"}]}], "references": [{"url": "https://github.com/INSAgenda/insa-auth/security/advisories/GHSA-63xr-gvjv-r6xv", "name": "https://github.com/INSAgenda/insa-auth/security/advisories/GHSA-63xr-gvjv-r6xv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/INSAgenda/insa-auth/commit/8c1e68b2fb55aa952f522ead55a6587526982a2c", "name": "https://github.com/INSAgenda/insa-auth/commit/8c1e68b2fb55aa952f522ead55a6587526982a2c", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/INSAgenda/insa-auth/commit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced", "name": "https://github.com/INSAgenda/insa-auth/commit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/INSAgenda/insa-auth/commit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d", "name": "https://github.com/INSAgenda/insa-auth/commit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-07T21:32:30.865Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46826", "state": "PUBLISHED", "dateUpdated": "2025-05-08T13:42:58.179Z", "dateReserved": "2025-04-30T19:41:58.135Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-07T21:32:30.865Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025."}, {"lang": "es", "value": "insa-auth es un servidor de autenticaci\u00f3n para INSA Rouen. Un peque\u00f1o problema permiti\u00f3 que sitios web de terceros accedieran al puente de autenticaci\u00f3n secundario del servidor, lo que podr\u00eda revelar informaci\u00f3n b\u00e1sica del estudiante (nombre y n\u00famero). Sin embargo, el problema represent\u00f3 un riesgo m\u00ednimo, nunca fue explotado y tuvo un impacto limitado. Se implement\u00f3 una soluci\u00f3n r\u00e1pidamente el 3 de mayo de 2025."}], "id": "CVE-2025-46826", "lastModified": "2025-05-08T14:39:09.683", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-07T22:15:21.320", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/INSAgenda/insa-auth/commit/8c1e68b2fb55aa952f522ead55a6587526982a2c"}, {"source": "security-advisories@github.com", "url": "https://github.com/INSAgenda/insa-auth/commit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced"}, {"source": "security-advisories@github.com", "url": "https://github.com/INSAgenda/insa-auth/commit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d"}, {"source": "security-advisories@github.com", "url": "https://github.com/INSAgenda/insa-auth/security/advisories/GHSA-63xr-gvjv-r6xv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}