6.1

CVE-2020-8143

Exploit

EPSS 6.37%
Veröffentlicht 03.04.2020 21:15:12
Zuletzt bearbeitet 21.11.2024 05:38:22
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Revive-adserver ≫ Revive Adserver Version < 5.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.37%	0.908

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://www.revive-adserver.com/security/revive-sa-2020-002/

Vendor Advisory

https://hackerone.com/reports/794144

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-8143

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8143

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8143

EUVD