漏洞
When specifying a logout endpoint URL (SAML or OIDC) containing URL parameters, an invalid request to the logout endpoint URL is constructed.
| 漏洞 ID 编号 | BUG-000160730 |
|---|---|
| 已提交 | August 16, 2023 |
| 上次修改时间 | June 10, 2025 |
| 适用范围 | Portal for ArcGIS |
| 找到的版本 | 10.9.1 |
| 操作系统 | Windows Server |
| 操作系统版本 | 2019 64 Bit |
| 状态 | Non-Reproducible |
附加信息
Query parameters should not be set by the user but defined by the relying party, which in this case is ArcGIS, so when configuring the ArcGIS openID configuration, query parameters should not be used when setting the logout URL. Query parameters for OpenID Connect logouts are limited to the predefined set documented in the OpenID Connect specification: https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout The guide for configuring AWS Cognito on Github has been replaced since the previous one, published four years ago, was obsolete and contained an incorrect logout URL. https://github.com/Esri/idp/blob/main/Documentation/OpenID/AWS%20Cognito.md重现步骤
漏洞 ID: BUG-000160730
软件:
- Portal for ArcGIS
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序