CVE-2019-14223 Information
Feb 14, 2021
cve
Description
An issue was discovered in Alfresco Community Edition versions below 5.2.6 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.http https ftp smb etc.).
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://community.alfresco.com/content?filterID=allobjecttypethread5Bquestions5D
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open20Redirect20in20Alfresco20Share-Alfresco20Community
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: