Open Redirect Vulnerability in OPNsense Community and Business Edition
CVE-2023-38998

6.1 MEDIUM

Key Information:

Vendor: OPNsense

Status
Vendor
CVE Published: 9 August 2023

What is CVE-2023-38998?

An open redirect vulnerability exists in the login page of OPNsense Community Edition prior to version 23.7 and Business Edition prior to version 23.4.2. The flaw lets attackers use crafted URLs to redirect users to arbitrary and potentially harmful websites. By exploiting it, malicious actors can deceive users into providing sensitive information or downloading malicious content, compromising their security and privacy.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
