CVE-2017-1000481: Products.CMFPlone Open Redirect Vulnerability
CVSS Score
6.1 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score
0.42124%
CWE
Published
5/14/2022
Updated
10/17/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
Products.CMFPlone | pip | < 4.3.17 | 4.3.17 |
Products.CMFPlone | pip | >= 5.0.0, < 5.0.10 | 5.0.10 |
Products.CMFPlone | pip | >= 5.1a1, < 5.1.0 | 5.1.0 |
Plone | pip | >= 2.5, < 4.3.16 | 4.3.16 |
Plone | pip | >= 5, < 5.1.0 | 5.1.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from insufficient validation in the isURLInPortal() function, which is responsible for ensuring redirects stay within the portal. The provided commit diffs (e.g., 05a943e) explicitly modify this function to add schema validation, HTML unescaping, and substring checks for malicious patterns. These fixes directly address the bypass techniques described in the vulnerability report, confirming this function was the weak point.
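As an added illustration (not Plone's code and not taken from commit 05a943e), the following redirect-target validator applies the three kinds of checks named above: HTML unescaping, substring checks, and scheme validation. The name `is_url_in_portal`, the deny-list patterns, the `portal.example` host used in testing, and the same-origin plus path-prefix rule are all assumptions made for this example.

```python
import html
import posixpath
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed deny-list: sequences browsers normalise into "//host".
SUSPICIOUS = ("\\", "///")


def is_url_in_portal(url, portal_url):
    """Return True only if `url` resolves inside `portal_url` (hypothetical helper)."""
    # 1. HTML-unescape first, so entities cannot hide ':', '/' or whitespace.
    candidate = html.unescape(url or "").strip()
    if not candidate:
        return False
    # 2. Substring checks: control characters and slash tricks.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False
    if any(pattern in candidate for pattern in SUSPICIOUS):
        return False
    try:
        parts = urlsplit(candidate)
        portal = urlsplit(portal_url)
        target = urlsplit(urljoin(portal_url.rstrip("/") + "/", candidate))
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # 3. Scheme validation: allow-list, and never a scheme without a host.
    if parts.scheme and (parts.scheme not in ALLOWED_SCHEMES or not parts.netloc):
        return False
    # 4. Same origin as the portal, then path containment after resolving "..".
    if (target.scheme, target.netloc.lower()) != (portal.scheme, portal.netloc.lower()):
        return False
    base = portal.path.rstrip("/")
    path = posixpath.normpath(target.path or "/")
    return path == base or path.startswith(base + "/")
```

The order matters: decoding entities before any other check is what stops an encoded colon, slash or tab from slipping past the scheme and substring tests.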