PT-2023-9854 · Tornado+8

Masashi Yamane · Published 2023-05-16 · Updated 2025-01-20 · CVE-2023-28370

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Tornado versions 6.3.1 and earlier

Description: The issue allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This is related to the use of open redirect in the Tornado web framework.

Recommendations: For Tornado versions 6.3.1 and earlier, as a temporary workaround, consider restricting access to the affected URL endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Open Redirect

Related Identifiers

ALSA-2023:6523
ALT-PU-2023-1809
AZL-43486
AZL-44277
BDU:2025-00947
CVE-2023-28370
DLA-4007-1
GHSA-HJ3F-6GCP-JG8J
INFSA-2023_6523
MGASA-2023-0211
OESA-2023-1370
OPENSUSE-SU-2023_3139-1
OPENSUSE-SU-2023_3144-1
OPENSUSE-SU-2023_3145-1
OPENSUSE-SU-2024:13107-1
OPENSUSE-SU-2024:13121-1
PYSEC-2023-75
RHSA-2023:6523
RHSA-2023_6523
SUSE-SU-2023:2770-1
SUSE-SU-2023:2807-1
SUSE-SU-2023:3122-1
SUSE-SU-2023:3123-1
SUSE-SU-2023:3128-1
SUSE-SU-2023:3131-1
SUSE-SU-2023:3137-1
SUSE-SU-2023:3139-1
SUSE-SU-2023:3142-1
SUSE-SU-2023:3143-1
SUSE-SU-2023:3144-1
SUSE-SU-2023:3145-1
SUSE-SU-2023_3122-1
SUSE-SU-2023_3123-1
SUSE-SU-2023_3131-1
SUSE-SU-2023_3139-1
SUSE-SU-2023_3143-1
SUSE-SU-2023_3144-1
SUSE-SU-2023_3145-1
USN-6159-1
USN-7150-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Linuxmint
Red Hat
Red Os
Suse
Tornado
Ubuntu