PT-2021-19943 · Plone+1

Yuji Tounai

·

Published

2021-08-02

·

Updated

2021-09-20

·

CVE-2021-32806

CVSS v4.0

7.1

High

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Products.isurlinportal versions prior to 1.2.0

Description: The issue is an Open Redirect vulnerability in Products.isurlinportal, a replacement for the isURLInPortal method in Plone. The 'is url in portal' check is used for security, mostly to decide whether a URL is safe to redirect to. A URL such as https://example.org is correctly treated as outside the portal, but a URL such as https:example.org (a scheme followed by a colon but no slashes) is incorrectly treated as inside the portal, because the check does not see a foreign host in it. Browsers do not agree on how to resolve such a URL: some normalise it to https://example.org and follow the redirect to the external site, others display an error. An attacker can therefore craft a link that passes the check and redirects victims to a site under the attacker's control, for example as part of a phishing campaign.

Recommendations: For versions prior to 1.2.0, upgrade to Products.isurlinportal 1.2.0, which patches the vulnerability. The upgrade is recommended for all users of Plone 4.3 and 5 on Python 2.7 or higher; it has not been tested on earlier Plone or Python versions. Plone 5.2.5 and higher will ship with the new version of Products.isurlinportal. As a temporary workaround until the upgrade is applied, limit the places where the 'is url in portal' check is the only control on a redirect target, and reject redirect targets that contain a scheme without a host.
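The two checks below illustrate the flaw described above and one way to close it. This is an added example written for this page, not code from Products.isurlinportal or Plone; the portal address plone.example and the function names are assumptions. The naive variant trusts the standard library's URL splitting: https:example.org carries a scheme but no network location, so it looks like a relative link. The hardened variant refuses any URL that has a scheme but no host (which covers the single-slash form https:/example.org too, which browsers also normalise to https://example.org), restricts schemes to http and https, and compares the host against the portal's.

```python
from urllib.parse import urlparse

# Constructed portal address for the example; a real check would take it
# from the site configuration.
PORTAL_URL = "https://plone.example"


def is_url_in_portal_naive(url: str, portal_url: str = PORTAL_URL) -> bool:
    """Illustrative naive check (not the project's own code).

    It treats anything without a network location as a link inside the
    portal.  'https:example.org' parses with scheme 'https' and an empty
    netloc, so it slips through even though a browser may resolve it to
    https://example.org.
    """
    portal = urlparse(portal_url)
    target = urlparse(url)
    if not target.netloc:
        return True
    return target.netloc.lower() == portal.netloc.lower()


def is_url_in_portal(url: str, portal_url: str = PORTAL_URL) -> bool:
    """Hardened check (an example of the fix idea, not the 1.2.0 patch).

    Rules:
      * a URL with a scheme must use http or https and must carry a host
        equal to the portal's; a scheme without a host is rejected outright
        because browsers disagree on how to resolve it;
      * a scheme-relative URL (//evil.example/x) must also match the host;
      * everything else is a plain relative path and stays in the portal.
    """
    portal = urlparse(portal_url)
    target = urlparse(url.strip())  # strip leading/trailing whitespace first

    if target.scheme:
        if target.scheme not in ("http", "https"):
            return False            # javascript:, data:, mailto:, ...
        if not target.netloc:
            return False            # https:example.org, https:/example.org
        return target.netloc.lower() == portal.netloc.lower()

    if target.netloc:               # //evil.example/path
        return target.netloc.lower() == portal.netloc.lower()

    return True                     # /folder/page, page.html, ?q=1


def compare_checks(urls):
    """Run both checks over a list of candidate redirect targets and return
    {url: (naive_result, hardened_result)} so the divergence is visible."""
    return {u: (is_url_in_portal_naive(u), is_url_in_portal(u)) for u in urls}


if __name__ == "__main__":
    # Constructed sample redirect targets, including the bypass from the advisory.
    samples = [
        "/folder/page",
        "https://plone.example/folder/page",
        "https://example.org",
        "https:example.org",        # the advisory's bypass
        "https:/example.org",       # single-slash variant, same browser behaviour
        "//example.org/x",
        "javascript:alert(1)",
    ]
    for url, (naive, hardened) in compare_checks(samples).items():
        print(f"{url:40} naive={naive!s:5} hardened={hardened}")
```

The table printed by the script shows the divergence that matters for the advisory: the naive check accepts https:example.org and https:/example.org, the hardened one rejects both while still accepting relative paths and absolute URLs on the portal host.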

Fix

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2021-32806
GHSA-q3m9-9fj2-mfwr
PYSEC-2021-323

Affected Products

Plone
Products.isurlinportal