CVE-2020-8143
CVE-2020-8143 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. An open redirect vulnerability was discovered in Revive Adserver versions before 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users into opening a specially crafted link and have them redirected to any destination. The CSRF protection of the "/www/admin/*-modify.php" scripts could be skipped if no meaningful parameter was sent. EPSS estimates a 70.39% chance of exploitation in the next 30 days.
Description
An open redirect vulnerability was discovered in Revive Adserver versions before 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users into opening a specially crafted link and have them redirected to any destination. The CSRF protection of the "/www/admin/*-modify.php" scripts could be skipped if no meaningful parameter was sent: no action was performed, but the user was still redirected to the target page specified via the "returnurl" GET parameter. Because such a link points at the victim's own Revive Adserver admin host, it looks trustworthy while delivering the user to an attacker-chosen page, which is what makes the redirect useful for phishing.
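The flow described above, as an added illustration that is not Revive Adserver's code: a minimal Python model of a "*-modify.php" style handler, with the flawed redirect beside a hardened one. Only the "returnurl" parameter and the "/www/admin/" endpoint location come from the advisory; the "action" parameter, the has_valid_token flag, the default path "/www/admin/index.php" and the sample request are assumptions constructed for this example.

```python
"""
Model of the redirect flaw in CVE-2020-8143. Added illustration, not Revive
Adserver code: the handler logic, the `action` parameter, the token flag and
the default path are constructed; only `returnurl` and the /www/admin/ location
come from the advisory.
"""
from typing import Dict, Optional
from urllib.parse import urlsplit

# Assumed fallback target when `returnurl` is missing or rejected.
DEFAULT_RETURN = "/www/admin/index.php"


def vulnerable_modify(params: Dict[str, str], has_valid_token: bool) -> str:
    """Flawed flow: the CSRF token is verified only when an action is
    requested, and the trailing redirect trusts `returnurl` unchanged.
    Returns the Location header value the handler would emit."""
    if "action" in params:
        if not has_valid_token:
            raise PermissionError("CSRF token missing or invalid")
        # ... perform the requested modification here ...
    # Reached with no action at all: nothing was changed, but the
    # attacker-controlled `returnurl` is still used as the redirect target.
    return params.get("returnurl", DEFAULT_RETURN)


def is_local_path(url: str) -> bool:
    """Accept only a same-origin, path-only redirect target.

    Rejects absolute URLs (https://evil.example), scheme-relative URLs
    (//evil.example), backslash variants (/\\evil.example) that browsers
    normalise to //evil.example, and any ASCII control characters, because
    browsers strip tabs and newlines before parsing, so "/<TAB>/evil.example"
    would otherwise collapse into a scheme-relative URL.
    """
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    if not url.startswith("/") or url.startswith("//") or "\\" in url:
        return False
    parts = urlsplit(url)
    # A pure path parses with neither a scheme nor a network location.
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(url: Optional[str]) -> str:
    """Use `returnurl` only if it is a local path; otherwise fall back."""
    return url if url and is_local_path(url) else DEFAULT_RETURN


def hardened_modify(params: Dict[str, str], has_valid_token: bool) -> str:
    """Fixed flow: the token is required for every request that reaches the
    endpoint, and the redirect target is validated before it is used."""
    if not has_valid_token:
        raise PermissionError("CSRF token missing or invalid")
    if "action" in params:
        pass  # ... perform the requested modification here ...
    return safe_redirect_target(params.get("returnurl"))


if __name__ == "__main__":
    # Constructed request: the crafted link carries no action, only returnurl.
    crafted = {"returnurl": "https://attacker.example/login"}
    print("vulnerable:", vulnerable_modify(crafted, has_valid_token=False))
    try:
        hardened_modify(crafted, has_valid_token=False)
    except PermissionError as exc:
        print("hardened (no token):", exc)
    print("hardened (valid token):", hardened_modify(crafted, has_valid_token=True))
```

Two independent checks close the hole: the token is demanded before any branch of the handler runs, so an action-less request can no longer slip past it, and the redirect target is reduced to a path on the current origin. Checking only that the value starts with "/" is not enough, since "//host" and "/\host" are both treated as scheme-relative by browsers; the validator rejects those forms explicitly and falls back to a fixed page rather than echoing the rejected value.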
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Revive-Adserver | Revive Adserver | < 5.0.5 |
References
- https://hackerone.com/reports/794144 (Exploit, Third Party Advisory)
- https://www.revive-adserver.com/security/revive-sa-2020-002/ (Vendor Advisory)
Frequently Asked Questions
What is CVE-2020-8143?
An open redirect in the admin interface of Revive Adserver before 5.0.5. The "returnurl" GET parameter of the "/www/admin/*-modify.php" scripts is used as a redirect target without validation, and the CSRF check on those scripts can be skipped by sending a request with no meaningful action parameter, so a logged-in user who follows a crafted link is redirected to an attacker-chosen destination.
How severe is CVE-2020-8143?
Medium: CVSS 3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). It is exploitable over the network without privileges but requires the victim to open a link, and its impact is limited to low confidentiality and integrity loss, with the scope changed because the damage lands outside the vulnerable component.
How do I fix CVE-2020-8143?
Upgrade Revive Adserver to version 5.0.5 or later, as described in vendor advisory revive-sa-2020-002.
Source: NVD / NIST
