Plone Open Redirection vulnerability via next parameter

🗓️ 14 May 2022 02:54:25Reported by GitHub Advisory DatabaseType

Plone Open Redirection vulnerability via next parameter The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2013-4200	31 Jul 201300:00	–	circl
CVE	CVE-2013-4200	21 Jan 201416:00	–	cve
Cvelist	CVE-2013-4200	21 Jan 201416:00	–	cvelist
EUVD	EUVD-2014-0082	7 Oct 202500:30	–	euvd
NVD	CVE-2013-4200	21 Jan 201416:06	–	nvd
OSV	GHSA-56P3-RRP4-2J82 Plone Open Redirection vulnerability via next parameter	14 May 202202:54	–	osv
OSV	PYSEC-2014-64	21 Jan 201416:06	–	osv
Packet Storm	Plone CMS Credential Disclosure	17 Jan 201400:00	–	packetstorm
Prion	Authentication flaw	21 Jan 201416:06	–	prion
Positive Technologies	PT-2014-2763 · Plone Foundation · Plone	21 Jan 201400:00	–	ptsecurity

Vulners

Node

plone ploneRange4.3–4.3.2pip

plone ploneRange4.2–4.2.6pip

plone ploneRange2.1–4.1.1pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2013-4200
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
plone	www.plone.org/products/plone-hotfix/releases/20130618
plone	www.plone.org/products/plone/security/advisories/20130618-announcement
openwall	www.openwall.com/lists/oss-security/2013/08/01/2
github	www.github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml
github	www.github.com/advisories/GHSA-56p3-rrp4-2j82

15 Oct 2024 17:15Current

6.3Medium risk

Vulners AI Score6.3

CVSS 25.8

EPSS0.05344

CWE-601