Open Redirection Allowed - Bloomreach Experience - Open Source CMS

Issue date: 15-01-2020
Affects versions: 13.4, 13.3, 12.5, 11.2

Issue ID

SECURITY-131


Affected Product Version(s)

13.4.0, 12.6.7, 11.2.16 (and previous minor and patch releases)


Severity

Low

Description

The login form of the affected application accepts a ‘destination’ parameter that is not validated, and after a successful login the browser is redirected to whatever URL that parameter holds. Because the value can be set by whoever crafts the login link, a malicious individual can send a victim to an external site as soon as valid credentials have been entered, which facilitates social engineering attacks (e.g. phishing). Note that the redirect is only performed after the user has authenticated with valid credentials.

Steps to Reproduce:

  1. Open a web browser and access the following URL: https://<server>/site/login/form
  2. While intercepting traffic with an intercepting proxy, submit valid credentials.
  3. Observe the ‘destination’ parameter in the body of the login request: it holds the URL the user is sent to after a successful login, and changing its value to an external URL redirects the authenticated user there.
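The fix for this class of issue is to validate the post-login ‘destination’ on the server before issuing the redirect, and to fall back to a fixed landing page whenever the value would leave the host. The following is an added example of such a check; it is not Bloomreach code and not the vendor's patch. The DEFAULT_LANDING path, the function names and the form field names other than ‘destination’ are assumptions made for the illustration.

```python
"""Added example: validating a post-login 'destination' parameter.

Not Bloomreach code. DEFAULT_LANDING, the function names and the form
fields other than 'destination' are assumptions for illustration only.
"""
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed: where to send the user when 'destination' is missing or rejected.
DEFAULT_LANDING = "/site/"


def is_local_path(destination: str) -> bool:
    """Return True only for a relative path that stays on the current host.

    Rejects absolute URLs (https://evil.example), protocol-relative forms
    (//evil.example), backslash variants browsers normalise to an authority
    (/\\evil.example), scheme-only values (javascript:..., http:/evil) and
    values containing control characters (header injection in the Location
    header). Percent-encoded variants are caught by decoding once first.
    """
    if not destination:
        return False
    # Decode once so '%2F%2Fevil.example' does not bypass the prefix checks.
    decoded = unquote(destination)
    # Control characters and whitespace never belong in a redirect target.
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return False
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        return False  # absolute or protocol-relative URL
    # Must be a single leading slash: '//host' and '/\host' become an
    # authority in browsers even though urlsplit sees only a path for '/\'.
    if not decoded.startswith("/") or decoded.startswith(("//", "/\\")):
        return False
    return True


def safe_destination(destination: str, default: str = DEFAULT_LANDING) -> str:
    """Return the destination if it is a local path, else the default."""
    return destination if is_local_path(destination) else default


def destination_from_form(body: str) -> str:
    """Simulate the login handler reading the intercepted form body
    (the request shown in step 3) and deciding where to redirect."""
    fields = parse_qs(body, keep_blank_values=True)
    return safe_destination(fields.get("destination", [""])[0])


if __name__ == "__main__":
    # Constructed sample bodies: a benign login and the tampered one from step 3.
    benign = "username=alice&password=s3cret&destination=%2Fsite%2Fdashboard"
    tampered = "username=alice&password=s3cret&destination=https%3A%2F%2Fevil.example%2F"
    for body in (benign, tampered):
        print(body.split("&destination=")[1], "->", destination_from_form(body))
```

The check is deliberately allow-list shaped: only a plain relative path that begins with exactly one slash passes, and every other shape falls back to the fixed landing page rather than being "cleaned up", so a value the parser and the browser disagree about can never reach the Location header.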

Instructions

Every customer is advised to upgrade as soon as possible to the latest maintenance release as indicated above, or higher. This can be done by incrementing the version number of the parent POM of the implementation project.