PT-2023-26723 · Opnsense · Opnsense Community Edition+1

Feliks Penconek

Publicado

2023-08-09

Atualizado

2023-10-10

CVE-2023-38998

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2

Description The issue is an open redirect in the Login page of OPNsense, allowing attackers to redirect a victim user to an arbitrary web site via a crafted URL.

Recommendations For OPNsense Community Edition versions prior to 23.7, update to version 23.7 or later. For OPNsense Business Edition versions prior to 23.4.2, update to version 23.4.2 or later.

Exploit

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

CVE-2023-38998

Produtos afetados

Opnsense Business Edition

Opnsense Community Edition

PT-2023-26723 · Opnsense · Opnsense Community Edition+1

CVE-2023-38998

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6