Description
XWiki Commons are technical libraries common to several other top-level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com (i.e. omitting the http:). It was also possible to bypass it when using a URL such as http:/mydomain.com. The problem has been patched in XWiki 13.10.10, 14.4.4 and 14.8RC1.
References
- Patch
- Exploit, Patch, Vendor Advisory
- Exploit, Issue Tracking
- Exploit, Issue Tracking
Vulnerable configurations
Configuration 1
- Version from 6.0 (inclusive) up to 13.10.10 (exclusive)
- Version from 14.4.0 (inclusive) up to 14.4.4 (exclusive)
- Version from 14.5 (inclusive) up to 14.7 (inclusive)
One of:
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:6.0:rc1:*:*:*:*:*:*
EPSS: 0.12787 (percentile: 94%)
Severity: Medium
CVSS3: 4.7 Medium
CVSS3: 6.1 Medium
Weaknesses
CWE-601 (URL Redirection to Untrusted Site, 'Open Redirect')
Related vulnerabilities
- org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability (github, CVSS3: 4.7, more than 2 years ago)