Vulnerability Description
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alfresco | Alfresco | < 5.2.6 |
Related Weaknesses (CWE)
References
- https://community.alfresco.com/content?filterID=all~objecttype~thread%5BquestionVendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20RExploitThird Party Advisory
- https://community.alfresco.com/content?filterID=all~objecttype~thread%5BquestionVendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20RExploitThird Party Advisory
FAQ
What is CVE-2019-14223?
CVE-2019-14223 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By mani...
How severe is CVE-2019-14223?
CVE-2019-14223 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14223?
Check the references section above for vendor advisories and patch information. Affected products include: Alfresco Alfresco.