Описание
Plone Open Redirect Vulnerability
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-7936
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-85.yaml
- https://plone.org/security/hotfix/20200121
- https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places
- https://www.openwall.com/lists/oss-security/2020/01/22/1
- http://www.openwall.com/lists/oss-security/2020/01/24/1
Пакеты
Plone
>= 4.0, < 4.3.20
4.3.20
Plone
>= 5.0rc1, < 5.1.7
5.1.7
Plone
>= 5.2.0, < 5.2.2
5.2.2
Связанные уязвимости
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.