PT-2022-16115 · Varnish+2 · Varnish+2
Gustav Hansen · Published 2022-01-28 · Updated 2023-06-27 · CVE-2022-23599
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Plone versions 2.1 through 4.3
Products.ATContentTypes versions prior to 3.0.6
Description
The issue concerns reflected cross-site scripting and open redirect vulnerabilities. An attacker can exploit these by getting a compromised version of the image view fullscreen page into a cache, such as Varnish, using a technique known as cache poisoning. Any later visitor can then be redirected when clicking on a link on the compromised page. Typically, only anonymous users are affected, but this depends on the user's cache settings.
Recommendations
For Plone versions 2.1 through 4.3, update Products.ATContentTypes to version 3.0.6.
For versions of Products.ATContentTypes prior to 3.0.6, as a temporary workaround, ensure the image view fullscreen page is not stored in the cache.
To implement the workaround in Plone:
- Log in as Manager and go to Site Setup.
- Go to the 'Caching' control panel.
- Click on the tab 'Caching operations'.
- Under 'Legacy template mappings' locate the ruleset 'Content item view'.
- From the last column ('Templates') remove image view fullscreen.
- Click on Save.
Exploit
Fix
Open Redirect
XSS
Affected Products
Plone
Products.ATContentTypes
Varnish