PT-2023-9854 · Tornado+8 · Tornado+8

Masashi Yamane

·

Publicado

2023-05-16

·

Atualizado

2025-01-20

·

CVE-2023-28370

CVSS v2.0

6.4

Média

VetorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Tornado versions 6.3.1 and earlier
Description The issue allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This is related to the use of open redirect in the Tornado web framework.
Recommendations For Tornado versions 6.3.1 and earlier, as a temporary workaround, consider restricting access to the affected URL endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

ALSA-2023:6523
ALT-PU-2023-1809
AZL-43486
AZL-44277
BDU:2025-00947
CVE-2023-28370
DLA-4007-1
GHSA-HJ3F-6GCP-JG8J
INFSA-2023_6523
MGASA-2023-0211
OESA-2023-1370
OPENSUSE-SU-2023_3139-1
OPENSUSE-SU-2023_3144-1
OPENSUSE-SU-2023_3145-1
OPENSUSE-SU-2024:13107-1
OPENSUSE-SU-2024:13121-1
PYSEC-2023-75
RHSA-2023:6523
RHSA-2023_6523
SUSE-SU-2023:2770-1
SUSE-SU-2023:2807-1
SUSE-SU-2023:3122-1
SUSE-SU-2023:3123-1
SUSE-SU-2023:3128-1
SUSE-SU-2023:3131-1
SUSE-SU-2023:3137-1
SUSE-SU-2023:3139-1
SUSE-SU-2023:3142-1
SUSE-SU-2023:3143-1
SUSE-SU-2023:3144-1
SUSE-SU-2023:3145-1
SUSE-SU-2023_3122-1
SUSE-SU-2023_3123-1
SUSE-SU-2023_3131-1
SUSE-SU-2023_3139-1
SUSE-SU-2023_3143-1
SUSE-SU-2023_3144-1
SUSE-SU-2023_3145-1
USN-6159-1
USN-7150-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Linuxmint
Red Hat
Red Os
Suse
Tornado
Ubuntu