CVE-2017-5871
Published 2019-05-22
CVE-2017-5871: Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).
Priority P4 · 33 · medium · 5.4 · CVSS 3.0
AV:N / AC:L / PR:N / UI:R / S:U / C:L / I:L / A:N
EXPLOIT
EPSS: 2.68% (83.9th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | odoo | — | — |
| odoo | odoo | — | — |
| odoo | odoo | — | — |
| odoo | odoo | — | — |
CVSS provenance
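| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| vendor_debian | — | 5.4 | LOW | — |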
Debian
CVE-2017-5871: odoo - Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirec...
vendor_debian·2017·CVSS 5.4
CVE-2017-5871 [MEDIUM] CVE-2017-5871: odoo - Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirec...
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).
Scope: local
bullseye: resolved
sid: resolved
GHSA
GHSA-cwpq-rg22-433h: Odoo Version <= 8
ghsa_unreviewed·2022-05-24
CVE-2017-5871 [MEDIUM] CWE-601 GHSA-cwpq-rg22-433h: Odoo Version <= 8
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).
No detection rules found.
Nuclei
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
nuclei·CVSS 5.4
CVE-2017-5871 [MEDIUM] Odoo <= 8.0-20160726 & 9.0 - Open Redirect
An Open Redirect vulnerability in Odoo versions <= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.
Template:
```yaml
id: CVE-2017-5871

info:
  name: Odoo <= 8.0-20160726 & 9.0 - Open Redirect
  author: 1337rokudenashi
  severity: medium
  description: |
    An Open Redirect vulnerability in Odoo versions <= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.
  impact: |
    Successful exploitation can redirect users to malicious sites, potentially leading to phishing attacks or information theft.
  remediation: |
    Update Odoo to the latest patched version provided by the vendor.
  reference:
    - https://sysdream.com/cve-2017-5871-odoo-url-redirection-to/
    - https
```