CVE-2019-14223

Опубликовано: 06 сент. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Средний

Описание

An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).

Ссылки

https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community
Exploit
Third Party Advisory
https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*

Версия до 5.2.6 (исключая)

cpe:2.3:a:alfresco:alfresco:6.0:*:*:*:community:*:*:*

cpe:2.3:a:alfresco:alfresco:6.1:*:*:*:community:*:*:*

EPSS

Процентиль: 97%

0.37266

Средний

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-r489-wv9g-p54f

github

больше 3 лет назад