CVE-2015-8094

Опубликовано: 22 мая 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.

Ссылки

http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html
Release Notes
Third Party Advisory
https://github.com/cloudera/hue/pull/346
Third Party Advisory
https://issues.cloudera.org/browse/HUE-3626
Issue Tracking
Patch
Vendor Advisory
https://www.harmfultrust.com/p/advisories.html
Exploit
Third Party Advisory
http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html
Release Notes
Third Party Advisory
https://github.com/cloudera/hue/pull/346
Third Party Advisory
https://issues.cloudera.org/browse/HUE-3626
Issue Tracking
Patch
Vendor Advisory
https://www.harmfultrust.com/p/advisories.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:*

Версия до 3.10.0 (исключая)

EPSS

Процентиль: 64%

0.00462

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-m47g-6x2g-p32r