xwiki xwiki 指向未可信站点的url重定向（开放重定向）

CVE编号

CVE-2022-23618

利用情况

暂无

补丁情况

N/A

披露时间

2022-02-10

漏洞描述

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://github.com/xwiki/xwiki-platform/commit/5251c02080466bf9fb55288f04a376...
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp55-vvmf-63mv
https://jira.xwiki.org/browse/XWIKI-10309

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	xwiki	xwiki	*		Up to (including) 12.10.6
	运行在以下环境
	应用	xwiki	xwiki	*	From (including) 13.0	Up to (including) 13.3

攻击路径网络
攻击复杂度低
权限要求无
影响范围已更改
用户交互需要
可用性无
保密性低
完整性低

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CWE-ID 漏洞类型 CWE-601 指向未可信站点的URL重定向（开放重定向）

正文

xwiki xwiki 指向未可信站点的url重定向（开放重定向）

漏洞描述

解决建议

参考链接

受影响软件情况

相关阅读

IBM Jazz Reporting Service-Rational-CLM安全绕过管理任务执行漏洞

IBM Jazz Reporting Service up to 5.0.2/6.0.0 Report Builder 跨站脚本攻击

IBM WebSphere MQ Light拒绝服务漏洞

NetApp Data ONTAP信息泄露漏洞

发表评论取消回复

还没有评论，来说两句吧...

目录[+]