Redirection Flaw in Knock Knock Plugin for Craft CMS
CVE-2020-13486

6.1MEDIUM

Key Information:

Vendor: Verbb
Status: Knock Knock
Vendor: CVE Published:; 25 May 2020

What is CVE-2020-13486?

The Knock Knock plugin for Craft CMS, specifically versions before 1.2.8, is susceptible to a vulnerability that allows for malicious redirection of users. This exploit could enable attackers to redirect users to harmful sites, potentially compromising sensitive information or injecting further vulnerabilities. Users are encouraged to update to the latest version to mitigate risks.

References

https://github.com/verbb/knock-knock/blob/craft-3/CHANGEL...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2020
Vulnerability Reserved
May 25, 2020

CVE-2020-13486 Data

JSON

Verbb

What is CVE-2020-13486?

References

CVSS V3.1

Timeline