Rule General Information |
---|
Release Date: | 2022-12-05 | |
Rule Name: | Odoo CMS Open Redirect Vulnerability (CVE-2017-5871) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Odoo is a complete open-source framework for building customized ERP systems, e-commerce systems, CMSs, and websites that meet customers' needs. Odoo CMS 8.0-20160726 and earlier versions and 9 contain an open redirect vulnerability. The vulnerability stems from the network system or product failing to properly validate input data. | |
Impact: | The server does not check or restrict the redirect URL variables it receives, so an attacker can craft a link carrying an arbitrary address and induce users to be redirected to a malicious website. | |
Affected OS: | Windows, Linux, Others | |
Reference: | https://www.odoo.com https://sysdream.com/news/lab/2017-11-20-cve-2017-5871-odoo-url-redirection-to-distrusted-site-open-redirect/ https://nvd.nist.gov/vuln/detail/CVE-2017-5871 | |
Solutions |
---|
Refer to the announcement or patch by the vendor: https://github.com/odoo/odoo/issues/17800 |