GHSA-3qq5-wcrx-4h8r

Опубликовано: 20 фев. 2024

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirectparameter (2)FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.

Ссылки

Пакеты

Наименование

com.liferay.portal:release.portal.bom

maven

Затронутые версииВерсия исправления

>= 7.2.0, < 7.4.3.13-ga13

7.4.3.13-ga13

Наименование

com.liferay.portal:release.dxp.bom

maven

Затронутые версииВерсия исправления

>= 7.2.10.fp15, <= 7.2.10.fp18

Отсутствует

Наименование

com.liferay.portal:release.dxp.bom

maven

Затронутые версииВерсия исправления

>= 7.4.0, < 7.4.13.u9

7.4.13.u9

EPSS

Процентиль: 49%

0.00261

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2024-25609

Дефекты

CWE-601

Связанные уязвимости

CVE-2024-25609

CVSS3: 6.1

nvd

почти 2 года назад

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.

EPSS

Процентиль: 49%

0.00261

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2024-25609

Дефекты

CWE-601