PT-2021-10812 · Opnsense · Opnsense
Naivekun · Published 2021-05-03 · Updated 2021-05-11 · CVE-2020-23015
CVSS v3.1: 6.1 Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OPNsense versions through 20.1.5
Description
An open redirect issue was discovered. The redirect parameter `url` in the login page was not filtered and can redirect a user to any website.
Recommendations
For OPNsense versions through 20.1.5, update to a version later than 20.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the login page or filtering the `url` parameter to minimize the risk of exploitation.
Exploit
Fix
Open Redirect
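One way to filter the `url` parameter as the recommendation suggests, paired with a check that flags off-site values in request logs. This is an added example, not OPNsense's own code or its actual fix; the `/login` path, the function names and the sample requests are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_TARGET = "/"  # assumption: where to land when the target is rejected


def is_local_path(raw: str) -> bool:
    """True only for a rooted, same-site path such as "/ui/dashboard?tab=1"."""
    # Browsers drop tab/CR/LF inside URLs and treat "\" like "/", so either
    # can turn an innocent-looking value into "//other-host".
    if any(ord(c) < 0x20 or ord(c) == 0x7F or c == "\\" for c in raw):
        return False
    # One leading slash = path on this host. "//host" is scheme-relative and
    # anything without a leading slash may carry a scheme ("https://...").
    return raw.startswith("/") and not raw.startswith("//")


def safe_redirect_target(raw: str, default: str = DEFAULT_TARGET) -> str:
    """Mitigation: the value to put in the Location header after login."""
    return raw if raw and is_local_path(raw) else default


def flag_login_requests(request_targets):
    """Detection: request targets whose `url` parameter points off-site."""
    flagged = []
    for target in request_targets:
        query = parse_qs(urlsplit(target).query)  # percent-decodes values
        if any(not is_local_path(v) for v in query.get("url", [])):
            flagged.append(target)
    return flagged


# Constructed sample request targets; "/login" is a placeholder path.
SAMPLE_REQUESTS = [
    "/login?url=%2Fui%2Fdashboard",
    "/login?url=https%3A%2F%2Fattacker.example%2F",
    "/login?url=%2F%2Fattacker.example%2F",
    "/login?url=%2F%5Cattacker.example",
    "/login",
]

if __name__ == "__main__":
    for hit in flag_login_requests(SAMPLE_REQUESTS):
        print("off-site redirect target:", hit)
```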
Affected Products
Opnsense