Open Redirect Vulnerability in Revive Adserver by Revive Adserver
CVE-2020-8143

6.1 MEDIUM

What is CVE-2020-8143?

An Open Redirect vulnerability exists in Revive Adserver versions prior to 5.0.5, allowing remote attackers to redirect users to malicious sites. If a user is tricked into clicking a specially crafted link, they may be redirected to an unintended destination. This issue arises due to the potential bypass of CSRF protection on the '/www/admin/*-modify.php' endpoint, especially when no meaningful parameters are provided. Although no action is taken, users experience redirection dictated by the 'returnurl' GET parameter, compromising their browsing security. For more details, visit the security announcements on the Revive Adserver website.
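
A detection sketch for the pattern described above, added here as an example and not taken from Revive Adserver or its advisory: it scans web access-log lines for requests to '/www/admin/*-modify.php' whose 'returnurl' value points off-site. The trusted hostname, the log format, the script names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

TRUSTED_HOST = "ads.example.test"  # assumption: the ad server's own hostname
MODIFY_PATH = re.compile(r"^/www/admin/[^/]+-modify\.php$")
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format); script names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2020:10:00:00 +0000] "GET /www/admin/example-modify.php'
    '?returnurl=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 302 0',
    '203.0.113.8 - - [01/Mar/2020:10:00:05 +0000] "GET /www/admin/sample-modify.php'
    '?returnurl=%2F%2Fcdn.example.org%2Fa HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Mar/2020:10:01:00 +0000] "GET /www/admin/example-modify.php'
    '?returnurl=index.php&clientid=3 HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Mar/2020:10:02:00 +0000] "GET /www/admin/other.php'
    '?returnurl=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 200 512',
]

def offsite_target(returnurl, trusted_host=TRUSTED_HOST):
    """Return the external host a returnurl value points at, or None if on-site."""
    # Browsers read backslashes as slashes, so normalise before parsing.
    try:
        host = urlsplit(returnurl.strip().replace("\\", "/")).hostname
    except ValueError:
        return "<unparseable>"  # malformed authority: surface it for review
    if host and host != trusted_host:
        return host
    return None

def flag_redirect_requests(log_lines, trusted_host=TRUSTED_HOST):
    """Return (client_ip, path, external_host) for each suspicious request."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not MODIFY_PATH.match(target.path):
            continue  # only the *-modify.php endpoints named in the advisory
        # parse_qs percent-decodes, so encoded schemes and slashes are caught too
        for value in parse_qs(target.query).get("returnurl", []):
            host = offsite_target(value, trusted_host)
            if host:
                findings.append((line.split()[0], target.path, host))
    return findings

if __name__ == "__main__":
    for finding in flag_redirect_requests(SAMPLE_LOG):
        print(finding)
```
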

Affected Version(s)

https://github.com/revive-adserver/revive-adserver Fixed in >= 5.0.5

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
