Miggo Logo

CVE-2017-1000481: Products.CMFPlone Open Redirect Vulnerability

6.1

CVSS Score
3.0

Basic Information

EPSS Score
0.42124%
Published
5/14/2022
Updated
10/17/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
Products.CMFPlonepip< 4.3.174.3.17
Products.CMFPlonepip>= 5.0.0, < 5.0.105.0.10
Products.CMFPlonepip>= 5.1a1, < 5.1.05.1.0
Plonepip>= 2.5, < 4.3.164.3.16
Plonepip>= 5, < 5.1.05.1.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insufficient validation in the isURLInPortal() function, which is responsible for ensuring redirects stay within the portal. The provided commit diffs (e.g., 05a943e) explicitly modify this function to add schema validation, HTML unescaping, and substring checks for malicious patterns. These fixes directly address the bypass techniques described in the vulnerability report, confirming this function was the weak point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W**n you visit * p*** w**r* you n*** to lo*in, Plon* *.*-*.*r** s*n*s you to t** lo*in *orm wit* * '**m*_*rom' p*r*m*t*r s*t to t** pr*vious url. **t*r you lo*in, you **t r**ir**t** to t** p*** you tri** to vi*w ***or*. *n *tt**k*r mi**t try to **us*

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt `v*li**tion` in t** `isURLInPort*l()` *un*tion, w*i** is r*sponsi*l* *or *nsurin* r**ir**ts st*y wit*in t** port*l. T** provi*** *ommit *i**s (*.*., *******) *xpli*itly mo*i*y t*is *un*tion to *** s***m* `v*l