admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-256xx/CVE-2024-25609.json
cad-safe-bot 59042740b5 Auto-Update: 2024-02-20T21:00:31.389455+00:00
2024-02-20 21:00:35 +00:00

59 lines
2.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-25609",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-20T10:15:08.707",
"lastModified": "2024-02-20T19:50:53.960",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977."
},
{
"lang": "es",
"value": "HtmlUtil.escapeRedirect en Liferay Portal 7.2.0 a 7.4.3.12 y versiones anteriores no compatibles, y Liferay DXP 7.4 anterior a la actualizaci\u00f3n 9, 7.3 service pack 3, 7.2 fixpack 15 a 18 y versiones anteriores no compatibles se pueden eludir usando dos barras diagonales, que permiten a atacantes remotos redirigir a los usuarios a URL externas arbitrarias a trav\u00e9s del (1) par\u00e1metro 'redirect` (2) el par\u00e1metro `FORWARD_URL` y (3) otros par\u00e1metros que dependen de HtmlUtil.escapeRedirect. Esta vulnerabilidad es el resultado de una soluci\u00f3n incompleta en CVE-2022-28977."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609",
"source": "security@liferay.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink