CVE-2023-28800 - OpenCVE

When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zscaler	Client Connector

Configuration 1 [-]

OR	cpe:2.3:a:zscaler:client_connector::::::linux::*
	cpe:2.3:a:zscaler:client_connector::::::iphone_os::*
	cpe:2.3:a:zscaler:client_connector::::::chrome_os::*
	cpe:2.3:a:zscaler:client_connector::::::android::*
	cpe:2.3:a:zscaler:client_connector::::::windows::*
	cpe:2.3:a:zscaler:client_connector::::::macos::*

References

Link	Resource
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.4&deployment_date=2022-10-31&id=1420246	Release Notes
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Android&applicable_version=1.10.2&deployment_date=2023-03-09&id=1447706	Release Notes
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Chrome%20OS&applicable_version=1.10.1&deployment_date=2023-03-10&id=1447771	Release Notes
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=iOS&applicable_version=1.9.3&deployment_date=2023-03-03&id=1447071	Release Notes
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macOS&applicable_version=3.9&deployment_date=2023-01-25&id=1443546	Release Notes
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=Windows&applicable_version=3.7&deployment_date=2021-11-26&id=1386541	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Zscaler

Published: 2023-06-22T19:15:55.258Z

Updated: 2023-06-22T19:15:55.258Z

Reserved: 2023-03-23T18:29:15.802Z

Link: CVE-2023-28800

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-22T20:15:09.373

Modified: 2023-06-30T15:08:41.290

Link: CVE-2023-28800

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-28800", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2023-03-23T18:29:15.802Z", "datePublished": "2023-06-22T19:15:55.258Z", "dateUpdated": "2023-06-22T19:15:55.258Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Client Connector", "vendor": "Zscaler", "versions": [{"lessThan": "3.9 Mac, 3.7 Win, 1.9.3 iOS, 1.10.2 Android, 1.10.1 Chrome OS, 1.4 Linux", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tesla Red Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.\n\n"}], "value": "When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.\n\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2023-06-22T19:15:55.258Z"}, "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=Windows&applicable_version=3.7&deployment_date=2021-11-26&id=1386541"}, {"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Chrome%20OS&applicable_version=1.10.1&deployment_date=2023-03-10&id=1447771"}, {"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Android&applicable_version=1.10.2&deployment_date=2023-03-09&id=1447706"}, {"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=iOS&applicable_version=1.9.3&deployment_date=2023-03-03&id=1447071"}, {"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.4&deployment_date=2022-10-31&id=1420246"}, {"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macOS&applicable_version=3.9&deployment_date=2023-01-25&id=1443546"}], "source": {"discovery": "UNKNOWN"}, "title": "Output encoding missing in redrurl parameter", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*", "matchCriteriaId": "904F4E73-6782-4AD8-8521-FEB473BF11CF", "versionEndExcluding": "1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "8580E274-19E5-454B-9FA4-F79D6E67C244", "versionEndExcluding": "1.9.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:chrome_os:*:*", "matchCriteriaId": "1A4B24E4-D317-4D64-8BBC-EF86290F812C", "versionEndExcluding": "1.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:android:*:*", "matchCriteriaId": "753A378D-ECC2-4CBD-B142-58F413AF5497", "versionEndExcluding": "1.10.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B549DC33-2238-4356-8079-A7D18323255E", "versionEndExcluding": "3.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*", "matchCriteriaId": "A2D8B3BE-B451-4596-8FDB-BD43BC2BB923", "versionEndExcluding": "3.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.\n\n"}], "id": "CVE-2023-28800", "lastModified": "2023-06-30T15:08:41.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "cve@zscaler.com", "type": "Secondary"}]}, "published": "2023-06-22T20:15:09.373", "references": [{"source": "cve@zscaler.com", "tags": ["Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.4&deployment_date=2022-10-31&id=1420246"}, {"source": "cve@zscaler.com", "tags": ["Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Android&applicable_version=1.10.2&deployment_date=2023-03-09&id=1447706"}, {"source": "cve@zscaler.com", "tags": ["Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Chrome%20OS&applicable_version=1.10.1&deployment_date=2023-03-10&id=1447771"}, {"source": "cve@zscaler.com", "tags": ["Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=iOS&applicable_version=1.9.3&deployment_date=2023-03-03&id=1447071"}, {"source": "cve@zscaler.com", "tags": ["Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macOS&applicable_version=3.9&deployment_date=2023-01-25&id=1443546"}, {"source": "cve@zscaler.com", "tags": ["Release Notes"], "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=Windows&applicable_version=3.7&deployment_date=2021-11-26&id=1386541"}], "sourceIdentifier": "cve@zscaler.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve@zscaler.com", "type": "Secondary"}]}