
Unvalidated Redirects and Forwards - Unity Forms / Workflow

Aaron_Ramsey
Confirmed Champ

Looking into options for externally facing Unity Forms that would trigger Workflow to generate email notifications. Pentesters have raised concerns that this type of form triggering workflow could be vulnerable to unvalidated redirects and forwards (by intercepting the submission in a proxy tool, e.g., Burp Suite Professional, inserting a domain URL controlled by an attacker, and forwarding on the submission). Consumers of downstream notifications could then be presented with the malicious URL.

Has this concern come up for anyone else? Any mitigation strategies?

 


Jimmy_Byrne
Star Contributor

Hi @Aaron Ramsey,

Was a formal penetration test report provided that documents this issue? If so, I would suggest opening a ticket with your first line of support so that it can be forwarded to Hyland's Application Security team for further review and comment.
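One server-side check for the concern raised in the question, as an added example that is not part of this thread and not Hyland code: before a notification is built, every URL found in the submitted field values is compared against an allowlist of hosts. The field names, the allowlist, the helper names and the sample submission are constructed assumptions, and nothing here uses an OnBase API.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts allowed to appear in notification links (constructed).
ALLOWED_HOSTS = {"forms.example.org", "portal.example.org"}

# Absolute http(s) URLs and scheme-relative //host forms inside free text.
URL_RE = re.compile(r"(?:https?:)?//[^\s\"'<>]+", re.IGNORECASE)


def host_of(url):
    """Return the host a mail client or browser would contact, or None if ambiguous."""
    if "\\" in url:  # browsers read "\" as "/", URL parsers may not: refuse
        return None
    if url.startswith("//"):
        url = "https:" + url
    try:
        parts = urlsplit(url)
        if parts.username is not None:  # trusted-host@other-host form
            return None
        return (parts.hostname or "").rstrip(".") or None
    except ValueError:
        return None


def disallowed_urls(fields):
    """Return (field, url) pairs whose host is not on the allowlist."""
    findings = []
    for name, value in fields.items():
        for match in URL_RE.finditer(str(value)):
            if host_of(match.group(0)) not in ALLOWED_HOSTS:
                findings.append((name, match.group(0)))
    return findings


# Constructed submission as it might arrive after being altered in a proxy.
SUBMISSION = {
    "requester_name": "A. Example",
    "return_url": "https://forms.example.org/thanks",
    "comments": "see https://forms.example.org@attacker.test/login and //attacker.test/x",
    "callback": "https://forms.example.org.attacker.test/",
}

if __name__ == "__main__":
    for field, url in disallowed_urls(SUBMISSION):
        print(f"reject submission: field {field!r} contains {url}")
```

The check has to run on the server after the submission is received, since anything enforced only in the browser is bypassed by the proxy step described in the question.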
