HTTP Open Redirect in Parameter "failure" After Login (CVE-2019-14223)

leochan168
Member II

HTTP Open Redirect in Parameter "failure" After Login (CVE-2019-14223)

An open redirect vulnerability occurs when an application allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s phishing site.

A penetration tester found that Alfresco CMS is affected by CVE-2019-14223. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website.

With this vulnerability, an attacker may be able to redirect a victim to an external malicious site. In more sophisticated attacks, an attacker is also able to set up phishing pages or host malicious JavaScript to be executed in the victim's browser on the site.

1 Reply
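The post above describes the general open-redirect pattern: a post-login "failure" (or similar) parameter is handed straight to the redirect without validation. The following is an added example, not code from the original post or from the Alfresco project, showing the trusting pattern beside a hardened validator that only ever returns a same-application target. The application origin (`share.example.internal`), the default landing path and the parameter name `failure` are constructed assumptions for the example; nothing here reflects Alfresco's actual implementation.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed for this example: the application's own origin and a safe
# fallback page. These are assumptions, not values taken from the post.
APP_SCHEME = "https"
APP_HOST = "share.example.internal"
DEFAULT_LANDING = "/share/page/"


def vulnerable_redirect_target(failure: str) -> str:
    """The pattern the post describes: the redirect parameter is trusted as-is,
    so whatever the client supplied becomes the Location header."""
    return failure


def safe_redirect_target(failure: str, default: str = DEFAULT_LANDING) -> str:
    """Return a redirect target that provably stays on this application.

    Accepted inputs are a single-slash rooted path ('/share/...') or an
    absolute URL whose scheme and host exactly match the application.
    Everything else (other hosts, scheme-relative '//host', 'javascript:',
    userinfo tricks, backslash variants, control characters) falls back
    to `default`. Fragments are dropped.
    """
    if not failure:
        return default
    # Browsers treat '/\\evil' like '//evil', so normalise before parsing.
    candidate = failure.replace("\\", "/")
    # Control characters and spaces only ever appear in parser-confusion
    # payloads; refuse them outright rather than trying to clean them.
    if any(ord(c) < 0x20 or c == " " for c in candidate):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: allow only our own origin.
        # parts.hostname is lower-cased and excludes any user:pass@ prefix,
        # so 'https://app@evil' is compared against 'evil', not 'app'.
        if parts.scheme.lower() != APP_SCHEME or parts.hostname != APP_HOST:
            return default
        return urlunsplit(("", "", parts.path or "/", parts.query, ""))
    # Relative target: urlsplit treats '///host' as a bare path, so guard
    # against any leading double slash explicitly.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs, as a request handler would receive them.
    for value in ("/share/page/dashboard", "//evil.example/", "javascript:x"):
        print(f"{value!r:35} -> {safe_redirect_target(value)!r}")
```

The important design choice is an allow-list of what a legitimate post-login target looks like, rather than a deny-list of known bad prefixes; the `default` fallback means a rejected value degrades the user experience slightly instead of leaving the application. In a real deployment the scheme and host should come from configuration, not from the request's own `Host` header.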
angelborroy
Alfresco Employee

Re: HTTP Open Redirect in Parameter "failure" After Login (CVE-2019-14223)

Since 5.2 is not a supported version any more, please upgrade to version 6.2 or later.

Additional details on this vulnerability are available in https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfre...

Hyland Developer Evangelist