GHSA-82j9-wfcf-9v2h

Source
https://github.com/advisories/GHSA-82j9-wfcf-9v2h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-82j9-wfcf-9v2h/GHSA-82j9-wfcf-9v2h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-82j9-wfcf-9v2h
Aliases
Published
2022-05-24T17:07:14Z
Modified
2024-10-18T22:12:18.563843Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
Plone Open Redirect Vulnerability
Details

An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone site that, when followed (possibly only after the victim logs in), redirects the browser to an attacker-controlled site.
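The following is an added example, not Plone's own fix: it shows the kind of check a login handler needs on its post-login return target so that a crafted link can only ever send the user back to a page on the same site. The parameter name `came_from`, the host set and the sample inputs are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Constructed for the example: the hostnames this site is served under.
SITE_HOSTS = {"plone.example.org"}


def safe_return_url(came_from: Optional[str], default: str = "/") -> str:
    """Return a post-login redirect target that stays on this site.

    Anything that is absent, malformed, points at another host, or uses a
    non-http(s) scheme collapses to `default` instead of being honoured.
    """
    if not came_from:
        return default
    # Browsers treat a backslash like a slash in the authority position, so
    # normalise it before parsing; reject control characters outright.
    candidate = came_from.strip().replace("\\", "/")
    if any(ord(ch) < 0x20 for ch in candidate):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only http(s) to one of our own
        # hosts is acceptable. `hostname` ignores any user@ prefix, which
        # defeats "https://plone.example.org@attacker.example/".
        if parts.scheme not in ("http", "https"):
            return default
        if parts.hostname not in SITE_HOSTS:
            return default
        # Re-emit as a site-relative path so the host can never be swapped.
        return urlunsplit(("", "", parts.path or "/", parts.query, ""))
    # Relative target: must be a single-slash path ("//host" would be
    # interpreted as protocol-relative by the browser).
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate
```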

References

Affected packages

PyPI / plone

Affected range (ECOSYSTEM): introduced 4.0, fixed 4.3.20

Affected versions (4.*):

4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19

PyPI / plone

Affected range (ECOSYSTEM): introduced 5.0rc1, fixed 5.1.7

Affected versions (5.*):

5.0rc1
5.0rc2
5.0rc3
5.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6

PyPI / plone

Affected range (ECOSYSTEM): introduced 5.2.0, fixed 5.2.2

Affected versions (5.*):

5.2.0
5.2.1