A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
References
Link | Resource |
---|---|
https://hackerone.com/reports/390663 | Exploit Third Party Advisory |
https://www.revive-adserver.com/security/revive-sa-2019-001/ | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2019-05-06T16:51:54
Updated: 2019-05-06T16:51:54
Reserved: 2019-01-04T00:00:00
Link: CVE-2019-5433
JSON object: View
NVD Information
Status : Modified
Published: 2019-05-06T17:29:00.620
Modified: 2019-10-09T23:50:51.713
Link: CVE-2019-5433
JSON object: View
Redhat Information
No data.
CWE