CVE-2020-8143

03.04.2020, 21:15

An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the /www/admin/*-modify.php could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the returnurl GET parameter.

Open Redirect

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
hackerone	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
revive-adserver	revive_adserver	𝑥 < 5.0.5

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

https://hackerone.com/reports/794144

https://www.revive-adserver.com/security/revive-sa-2020-002/

https://hackerone.com/reports/794144

https://www.revive-adserver.com/security/revive-sa-2020-002/