An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
References
Link | Resource |
---|---|
https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D | Vendor Advisory |
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-06T16:04:29
Updated: 2020-07-21T13:45:17
Reserved: 2019-07-21T00:00:00
Link: CVE-2019-14223
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-09-06T17:15:11.463
Modified: 2020-07-23T18:11:52.430
Link: CVE-2019-14223
JSON object: View
Redhat Information
No data.
CWE