CVE-2013-4200

Plone < 4.1.1 - Access Control

Title source: rule

Description

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Cyrill Bannwart · textwebappspython

https://www.exploit-db.com/exploits/38738

View Code ZIP pw:eip

References (5)

[Patch] http://plone.org/products/plone-hotfix/releases/20130618

[Vendor Advisory] http://plone.org/products/plone/security/advisories/20130618-announcement

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/530787/100/0/threaded

[Mailing List] http://www.openwall.com/lists/oss-security/2013/08/01/2

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200

Scores

EPSS 0.0530

EPSS Percentile 90.1%

Details

CWE

CWE-264

Status published

Products (47)

plone/plone 2.1

plone/plone 2.1.1

plone/plone 2.1.2

plone/plone 2.1.3

plone/plone 2.1.4

plone/plone 3.0

plone/plone 3.0.1

plone/plone 3.0.2

plone/plone 3.0.3

plone/plone 3.0.4

... and 37 more

Published Jan 21, 2014

Tracked Since Feb 18, 2026