The 1E Platform’s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.
Note: 1E Platform’s component using the third-party Duende Identity Server has been updated with the patch that includes the fix.