CVE-2020-23015

Beschreibung:
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter „url“ in login page was not filtered and can redirect user to any website.

CWE: CWE-601

CVSS-Bewertung
CVSS 2: MEDIUM – 5.8 (Version: 2.0)
CVSS 3: MEDIUM – 6.1 (Version: 3.1)

Links:

NVD – CVE-2020-23015
CVE – CVE-2020-23015

Link (max. 20) Quelle Tags
https://github.com/opnsense/core/issues/4061 MISC Exploit Issue Tracking Third Party Advisory
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067 MISC Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028 MISC Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030 MISC
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 MISC

Quelle: NVD – CVE-2020-23015
Datum Veröffentlichung: 2021-05-03T22:15Z, Datum letzte Änderung: 2021-05-11T13:54Z