Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qcDU1LXZ2bWYtNjNtds0p1Q

URL Redirection to Untrusted Site ('Open Redirect')

Impact

There's no protection against URL redirection to an untrusted site; in particular, some well-known parameters (xredirect) can be used to perform such redirections.

Patches

The problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1.

Workarounds

There's no known workaround for this issue.

References

https://jira.xwiki.org/browse/XWIKI-10309

For more information

If you have any questions or comments about this advisory:

Permalink: https://github.com/advisories/GHSA-jp55-vvmf-63mv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcDU1LXZ2bWYtNjNtds0p1Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 4.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Identifiers: GHSA-jp55-vvmf-63mv, CVE-2022-23618
References: Repository: https://github.com/xwiki/xwiki-platform
Blast Radius: 1.0

Affected Packages

maven:org.xwiki.platform:xwiki-platform-oldcore
Affected Version Ranges: >= 13.0.0, <= 13.2, < 12.10.7
Fixed in: 13.3RC1, 12.10.7