Community
Participate
Working Groups
If I control a malicious domain, say example.org, I can create potentially malicious subdomains that will be shortened by the eclip.se URL shortener, despite its claims that it doesn't shorten external URLs. Hence, I can create a shortened URL (that may be trusted more than my complete malicious URL) that will actually lead to an external (if I want malicious) domain. For example: http://eclip.se/tmpolicW forwards to https://bugs.eclipse.org.example.org/some/malicious/page.
This issue has been migrated to https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/687.