CVE-2020-23015
Published 2021-05-03
Priority: P3 · 35 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.69% (84.0th percentile)
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opnsense | opnsense | <= 20.1.5 | — |
CVSS provenance
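| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |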
No detection rules found.
Nuclei
OPNsense <=20.1.5 - Open Redirect
nuclei·CVSS 6.1
CVE-2020-23015 [MEDIUM] OPNsense <=20.1.5 - Open Redirect
OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
```yaml
id: CVE-2020-23015

info:
  name: OPNsense <=20.1.5 - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability could allow an
```
No writeups or analysis indexed.