Lucene search

PayaraVULNRICHMENT:CVE-2023-41699

HistoryNov 15, 2023 - 7:54 p.m.

CVE-2023-41699 Payara Platform: URL Redirection to untrusted site using FORM authentication

2023-11-1519:54:23

CWE-601

Payara

github.com

cve-2023-41699

payara platform

url redirection

form authentication

open redirect

payara server

payara micro

payara embedded

servlet implementation

libraries

vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.8

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.

References

docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html

docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.8

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-41699