ndunn / instant-search / issues / #3 - Open Redirect — Bitbucket

Issue #3 resolved

Former user created an issue 2020-03-22

hi, any chance to avoid open redirects on instant-search?

https://www.domain.com/plugins/servlet/ZFIN.instantsearch/track?searchlink=http://google.com

https://detectify.freshdesk.com/support/solutions/articles/48001048961-open-redirect

Comments (6)

Instant Search repo owner
Thanks for reporting. I’ll make sure to validate the URL to make sure its internal / allowed versus the entire world.
- 2020-03-23T16:57:45+00:00
Gereon Heitmann
Great, many thanks!
- 2020-03-24T10:47:42+00:00
Instant Search repo owner
In dev the link is:

‌

http://localhost:1990/confluence//plugins/servlet/ZFIN.instantsearch/track?searchlink=http://google.com
- 2020-03-24T17:09:33+00:00
Instant Search repo owner
- changed status to resolved
fixes #3

→ <<cset 257d4434f83d>>
- 2020-03-24T17:29:37+00:00
Instant Search repo owner
@Gereon Heitmann This should be fixed in 2.5.5 of Confluence Server. It will track it explicitly but will provide a warning instead of the redirect. Please let me know if there is anything else.
- 2020-03-24T17:37:36+00:00
Gereon Heitmann
@Instant Search working perfectly Many thanks for your fast response!
- 2020-03-24T19:13:18+00:00
Log in to comment

Assignee: –

Type: bug

Priority: critical

Status: resolved

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!