An open redirect vulnerability occurs when an application allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s phishing site.
A penetration tester found that Alfresco CMS is affected by CVE-2019-14223. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website.
With this vulnerability, an attacker may be able to redirect a victim to an external malicious site. In more sophisticated attacks, an attacker is also able to set up phishing pages or host malicious JavaScript to be executed in the victim's browser on the site.
Since 5.2 is not a supported version any more, please upgrade to version 6.2 or later.
Additional details on this vulnerability are available in https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfre...
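As an added illustration of the input validation the first paragraph describes (this is not code from Alfresco or from the linked disclosure), the following JavaScript resolves a user-supplied redirect target the way a browser would and accepts it only if it stays on the application's own origin. The origin `https://share.example.com`, the fallback path, the function name and the sample targets are assumptions constructed for the example.

```javascript
// Added example, not Alfresco code. Origin, fallback and samples are constructed.
const APP_ORIGIN = "https://share.example.com"; // assumed origin of the application
const FALLBACK = "/share/page/";                 // assumed safe landing page

// Returns a same-origin path (path + query + fragment) that is safe to put
// in a Location header, or the fallback when the candidate leaves the origin.
function safeRedirectTarget(candidate, appOrigin = APP_ORIGIN, fallback = FALLBACK) {
  if (typeof candidate !== "string" || candidate.length === 0) return fallback;

  // Browsers silently strip tab/CR/LF inside URLs, so treat any control
  // character as hostile instead of trying to normalise it.
  if (/[\u0000-\u001f\u007f]/.test(candidate)) return fallback;

  let resolved;
  try {
    // The WHATWG URL parser applies the same rules as a browser: "//host",
    // "/\host" and "https://trusted@host" all resolve to "host".
    resolved = new URL(candidate, appOrigin);
  } catch {
    return fallback; // unparseable input
  }

  // Origin covers scheme, host and port; "javascript:" and "data:" URLs
  // have the opaque origin "null" and are rejected by this comparison.
  if (resolved.origin !== new URL(appOrigin).origin) return fallback;

  // Re-emit only the local part so the response never carries a host name.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed sample inputs covering common bypass shapes.
const samples = [
  "/share/page/site/demo/dashboard",
  "https://phish.example.net/login",
  "//phish.example.net/login",
  "/\\phish.example.net/login",
  "https://share.example.com@phish.example.net/",
  "javascript:alert(1)",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```
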