CNNVD-202509-4441 Information

CNNVD ID

CNNVD-202509-4441

CVE-2024-55017

  • CNNVD Published: 2025-09-30

Description (Chinese)

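Corezoid Process Engine is an application from Corezoid. It helps companies build, manage, host and run processes in the cloud. Corezoid Process Engine version 6.6.0 contains a security vulnerability caused by an open redirect in the redirect_uri parameter of its OAuth2 implementation, which may lead to authorization code interception and unauthorized account access.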

Description (English)

Corezoid Process Engine is an application from Corezoid that helps companies build, manage, host and run processes in the cloud. Version 6.6.0 of Corezoid Process Engine has a security vulnerability that stems from an open redirect via the redirect_uri parameter in its OAuth2 implementation, which may lead to the interception of authorization codes and unauthorized access to accounts.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Corezoid

Published

2025-09-30

Last Modified

2026-02-24

References

https://github.com/corezoid/helm

https://medium.com/@elmiraibrahimlii/corezoid-cve-2024-55017-account-takeover-via-oauth2-redirect-uri-open-redirect-9dd78bc337a3
