Issues » Client Side URL Redirection

Issue: SI-46
Date: Jan 10, 2019 9:00:00 AM
Severity: Moderate
Requires Admin Access: Yes
Fix Version: TBD
Credit: Johannes Moritz - RIPS TECHNOLOGIES GMBH
Description:

A URL of attackers choice can be passed as a parameter to a specific dotCMS endpoint.  This endpoint responds with a 302 redirect which causes the browser to load the URL passed into dotCMS.  This could be used a part of a phishing attack or to redirect user to an infection page. - https://www.owasp.org/index.php/Testing_for_Client_Side_URL_Redirect_(OTG-CLIENT-004)

To exploit this vulnerability, the user must be logged into the backend of dotCMS.

Status of this issue can be tracked here:  https://github.com/dotCMS/core/issues/15810

Workaround:

Application firewall