CVE-2023-46750

EPSS 0.2%
Veröffentlicht 14.12.2023 09:15:42
Zuletzt bearbeitet 03.11.2025 22:16:29
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.
Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Shiro Version < 1.13.0

Apache ≫ Shiro Version2.0.0 Updatealpha1

Apache ≫ Shiro Version2.0.0 Updatealpha2

Apache ≫ Shiro Version2.0.0 Updatealpha3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.424

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.7	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9

Mailing List

https://security.netapp.com/advisory/ntap-20240808-0002/

https://security.netapp.com/advisory/ntap-20241108-0002/

https://nvd.nist.gov/vuln/detail/CVE-2023-46750

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46750

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46750

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-46750