PT-2023-22201 · Xwiki · Xwiki Commons
Fabian Hafner
·
Publicado
2023-04-12
·
Atualizado
2023-04-26
·
CVE-2023-29204
CVSS v3.1
4.7
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
XWiki Commons versions prior to 13.10.10
XWiki Commons versions prior to 14.4.4
XWiki Commons versions prior to 14.8RC1
Description
It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as
//mydomain.com (i.e. omitting the http:) or a URL such as http:/mydomain.com.Recommendations
For versions prior to 13.10.10, update to version 13.10.10 or later.
For versions prior to 14.4.4, update to version 14.4.4 or later.
For versions prior to 14.8RC1, update to version 14.8RC1 or later.
As a temporary workaround, consider providing a patched jar of xwiki-platform-oldcore containing the necessary changes.
Exploit
Correção
Open Redirect
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Xwiki Commons