Source |
CVE List |
Identifier |
8328181 |
Publication date |
2023-04-15 16:15:07 (seen: 2023-04-15 19:08:11) |
Title |
CVE-2023-29204 |
Text |
XWiki Commons are technical libraries common to several other top-level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirects by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass them when using URLs such as `http:/mydomain.com`. The problem has been patched in XWiki 13.10.10, 14.4.4 and 14.8RC1. |
Sent |
Yes |
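
The two bypass forms above work because browsers resolve `//mydomain.com` and `http:/mydomain.com` to an external host even though neither contains `http://`. The following added example (not XWiki's code or its patch) contrasts a hypothetical prefix-based filter with a check that resolves the target first; `TRUSTED_ORIGIN`, `naiveIsLocal`, `isSameOriginRedirect` and `classify` are assumed names.

```javascript
// Added example, not XWiki code. TRUSTED_ORIGIN is a constructed placeholder.
const TRUSTED_ORIGIN = "https://wiki.example.org";

// Hypothetical weak filter: anything that does not start with a well-formed
// "scheme://" prefix is assumed to be a local path.
function naiveIsLocal(target) {
  return !/^[a-z][a-z0-9+.-]*:\/\//i.test(target);
}

// Hardened check: resolve the target the way a browser does (WHATWG URL
// parser), then compare the resulting origin with the trusted origin.
function isSameOriginRedirect(target, trustedOrigin = TRUSTED_ORIGIN) {
  if (typeof target !== "string" || target.length === 0) return false;
  let resolved;
  try {
    resolved = new URL(target, trustedOrigin + "/");
  } catch {
    return false; // unparseable targets are rejected, never passed through
  }
  return resolved.origin === new URL(trustedOrigin).origin;
}

// Constructed sample inputs; the two bypass forms are those in the advisory text.
const samples = [
  "/bin/view/Main/",
  "//mydomain.com",
  "http:/mydomain.com",
  "http://mydomain.com",
  "https://wiki.example.org/bin/view/Main/",
];

// Returns one row per input showing how each check classifies it.
function classify(inputs) {
  return inputs.map((t) => ({
    target: t,
    naive: naiveIsLocal(t),
    hardened: isSameOriginRedirect(t),
  }));
}

console.table(classify(samples));
```
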