CVE-2017-20164

Опубликовано: 07 янв. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 6.1

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The patch is identified as b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244
Patch
https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3
Release Notes
https://vuldb.com/?ctiid.217626
Third Party Advisory
VDB Entry
https://vuldb.com/?id.217626
Third Party Advisory
VDB Entry
https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244
Patch
https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3
Release Notes
https://vuldb.com/?ctiid.217626
Third Party Advisory
VDB Entry
https://vuldb.com/?id.217626
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:symbiote:seed:*:*:*:*:*:silverstripe:*:*

Версия от 6.0.0 (включая) до 6.0.3 (исключая)

EPSS

Процентиль: 50%

0.00273

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-wm32-3r4m-jvcc

CVSS3: 6.1

github

около 3 лет назад

Symbiote Seed Open Redirect vulnerability

EPSS

Процентиль: 50%

0.00273

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-601