PT-2014-2763 · Plone Foundation · Plone

Jan Lieskovsky · Published 2014-01-21 · Updated 2023-02-13 · CVE-2013-4200

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Plone versions 2.1 through 4.1
Plone versions 4.2.x through 4.2.5
Plone versions 4.3.x through 4.3.1

Description

The issue allows remote attackers to bypass filtering and redirect users to arbitrary web sites, potentially conducting phishing attacks. This is achieved by exploiting the isURLInPortal method in the URLTool class, which incorrectly treats URLs starting with a space as relative URLs. Attackers can exploit this by including a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
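
The flaw class described above, shown as an added example: this is a simplified stand-in written for this page, not Plone's isURLInPortal code or its fix. The portal URL, function names and sample "next" values are constructed assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

PORTAL_URL = "https://portal.example/site"  # constructed portal root (assumption)


def naive_is_url_in_portal(url, portal_url=PORTAL_URL):
    """Flawed check: decides 'relative' from the first characters of the raw string."""
    # A leading space hides the scheme, so the URL is taken to be relative
    # and accepted without ever being compared to the portal.
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*:|//", url):
        return True
    return url == portal_url or url.startswith(portal_url.rstrip("/") + "/")


def strict_is_url_in_portal(url, portal_url=PORTAL_URL):
    """Hardened check: refuse ambiguous input, then compare the resolved URL."""
    # Browsers trim or drop whitespace and control characters and may treat
    # a backslash as a slash, so reject such input instead of guessing.
    if any(c.isspace() or ord(c) < 0x20 or c == "\\" for c in url):
        return False
    portal = urlsplit(portal_url)
    root = portal.path.rstrip("/")
    # Resolve the candidate relative to the portal root before judging it.
    target = urlsplit(urljoin(portal_url.rstrip("/") + "/", url))
    # Scheme and host must match the portal exactly (also rejects javascript:).
    if (target.scheme, target.netloc.lower()) != (portal.scheme, portal.netloc.lower()):
        return False
    # The resolved path must stay under the portal root ("../" can escape it).
    return target.path == root or target.path.startswith(root + "/")


# Constructed sample values for the "next" parameter.
SAMPLES = [
    "login_form",
    "https://portal.example/site/news",
    "http://attacker.example/",
    " http://attacker.example/",  # leading space, the case in this advisory
    "//attacker.example/x",
    "../admin",
]


def compare(samples=SAMPLES):
    """Return (value, naive verdict, strict verdict) for each sample."""
    return [(s, naive_is_url_in_portal(s), strict_is_url_in_portal(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, strict in compare():
        print(f"{value!r:40} naive={naive!s:5} strict={strict}")
```
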

Recommendations

For Plone versions 2.1 through 4.1, update to a version outside of this range to mitigate the risk. For Plone versions 4.2.x through 4.2.5, update to a version outside of this range to mitigate the risk. For Plone versions 4.3.x through 4.3.1, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the acl_users/credentials_cookie_auth/require_login endpoint to minimize the risk of exploitation.

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2013-4200
GHSA-56P3-RRP4-2J82
PYSEC-2014-64

Affected Products

Plone