URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-1000484
Summary
By linking to a specific URL in Plone 2.5-5.1rc1, also in Zope 4.0b1 up to 4.0b2 and in Zope2 2.x up to 2.13.26 and 4.0a1 up to 4.016, with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form, log in, then get redirected to the specific URL, and then get a second redirect to the attacker's website. (The specific URL can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
- LOW
- NETWORK
- LOW
- CHANGED
- REQUIRED
- NONE
- LOW
- NONE
CWE-601 - Open Redirect
An open redirect attack employs a URL parameter, HTML refresh tags, or a DOM-based location change to exploit the trust of a vulnerable domain and direct users to a malicious website. The attack can lead to higher-severity outcomes such as unauthorized access, account takeover, XSS, and more.
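The usual fix for this vulnerability class is to validate a redirect target against the site's own host before issuing the redirect, and to apply that check at every hop of a chain like the login-then-redirect sequence described above. The following is an added illustration, not Plone's or Zope's code and not the hotfix; it assumes a hypothetical `came_from` parameter and the placeholder host `plone.example`, and it covers the parser quirks (protocol-relative `//`, backslashes, tabs/newlines, userinfo, non-http schemes) that naive "does it start with a slash" checks miss.

```python
"""Validate a post-login redirect target so it cannot leave the site (added example)."""
from typing import Optional
from urllib.parse import urlsplit


def is_same_site_redirect(target: str, site_host: str) -> bool:
    """True only if `target` is a site-relative path or an absolute http(s) URL
    whose authority is exactly `site_host` (no userinfo, no other port)."""
    if not target:
        return False
    # Browsers strip tab/CR/LF before parsing, so "/\t/evil" is followed as
    # "//evil"; normalise the same way before judging the target.
    t = "".join(ch for ch in target if ch not in "\t\r\n").strip()
    # Browsers treat backslash like slash for http(s), so "/\evil" == "//evil".
    t = t.replace("\\", "/")
    # Protocol-relative forms ("//evil", "///evil") resolve to another host.
    if t.startswith("//"):
        return False
    parts = urlsplit(t)
    if parts.scheme:
        # Reject "javascript:", "data:", etc., and scheme-without-host forms
        # such as "http:evil.example" or "https:///evil.example".
        if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
            return False
        # netloc still carries any userinfo, so "https://site@evil" will not
        # match; a subdomain trick like "site.evil" will not match either.
        return parts.netloc.lower() == site_host.lower()
    # No scheme and not "//": must be a path on this site.
    return t.startswith("/")


def redirect_after_login(came_from: Optional[str], site_host: str,
                         fallback: str = "/") -> str:
    """Location to send the user to after a successful login.
    `came_from` is a hypothetical parameter name used for this example."""
    if came_from and is_same_site_redirect(came_from, site_host):
        return came_from
    return fallback
```

A same-site path such as `/login?came_from=https://evil.example/` still passes this check, which is exactly why the handler at that second hop must run the same validation; the chained attack in the summary works only if one hop in the chain trusts its parameter blindly.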
Advisory Timeline
- Published