CVE-2023-46750

CWE-601 Open Redirect | 10 documents | 8 sources
Severity: 6.1 MEDIUM
EPSS: 0.2% (top 57.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 14
Latest update: Dec 10

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

NVD | apache/shiro | < 1.13.0 | +1
Maven | org.apache.shiro:shiro-web | 2.0.0-alpha-1 | 2.0.0-alpha-4 | +1
CVEListV5 | apache_software_foundation/apache_shiro | 2.0.0-alpha-1 | 2.0.0-alpha-4 | +1

🔴 Vulnerability Details (5)

OSV | shiro vulnerabilities | 2024-12-10
OSV | Open redirect in Apache Shiro | 2023-12-14
CVEList | Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. | 2023-12-14
GHSA | Open redirect in Apache Shiro | 2023-12-14
OSV | CVE-2023-46750: URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro | 2023-12-14

📋 Vendor Advisories (4)

Ubuntu | Apache Shiro vulnerabilities | 2024-12-10
Oracle | Oracle Oracle Fusion Middleware Risk Matrix: WebCenter Sites (Apache Shiro) — CVE-2023-46750 | 2024-07-15
Red Hat | shiro: URL redirection to untrusted site in FORM authentication feature | 2023-12-13
Debian | CVE-2023-46750: shiro - URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" au... | 2023