CVE-2021-32806: Open Redirect vulnerability in Products.isurlinportal for Plone allows attackers to redirect victims to malicious sites through URL manipulation.


Description

Products.isurlinportal, a replacement for the isURLInPortal method in Plone, contained an Open Redirect vulnerability in versions prior to 1.2.0. The vulnerability stems from improper URL validation: a URL such as 'https:example.org' (a scheme with no slashes after the colon) was incorrectly considered safe and within the portal. When redirecting to such a malformed URL, some browsers silently correct the format and navigate to 'https://example.org', while others raise an error. An attacker could use this to redirect victims to malicious websites, particularly in phishing campaigns where users trust a link because it appears to come from a legitimate Plone site.

Overview

The vulnerability exists in Products.isurlinportal prior to version 1.2.0, which various parts of Plone use as a security check to decide whether it is safe to redirect to a given URL. The core issue is that the component incorrectly validated URLs that lack the forward slashes after the scheme (e.g., 'https:example.org' instead of 'https://example.org'). Because such a URL has no recognisable host part, the flawed check treated it as a URL within the portal and therefore safe, when it actually refers to an external domain. When a user follows such a redirect, their browser may "fix" the malformed URL and navigate to an external site that could be controlled by an attacker. This open redirect is particularly dangerous because it enables convincing phishing attacks in which victims believe they are accessing trusted content.

Remediation

Users should upgrade Products.isurlinportal to version 1.2.0 or later, which contains a fix for this vulnerability. The patch corrects the URL validation logic to properly identify and block malformed URLs missing forward slashes after the protocol.

If immediate upgrading is not possible, add URL validation at the application level before allowing a redirect: reject any target whose scheme is not followed by '//', and confirm that the host part matches the portal's own host rather than relying on the absence of a host part.
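The following is an added example that is not the project's code: it contrasts a hypothetical naive "is this URL in the portal?" check (which, like the flawed behaviour described in the Overview, treats a URL with no host part as relative and therefore safe) with a stricter check of the kind the Remediation paragraph describes, and then applies the pair to a few constructed access-log lines to flag redirect parameters that the naive check would have accepted. The portal hostname, the `came_from` parameter name and the log lines are all assumptions made for the example. The stricter check also rejects scheme-relative targets such as '//other.example', which goes slightly beyond the missing-slash case on this page.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample portal hostname (assumption for this example).
PORTAL_HOST = "portal.example"


def is_url_in_portal_naive(url, portal_host=PORTAL_HOST):
    """Hypothetical flawed check, illustrating the bug class on this page.

    urlparse('https:example.org') yields scheme='https', netloc='' and
    path='example.org'.  A check that treats 'no netloc' as 'relative URL,
    so it stays on the portal' therefore accepts it, even though a browser
    may rewrite it to https://example.org.
    """
    parts = urlparse(url)
    if not parts.netloc:
        return True
    return parts.netloc.lower() == portal_host.lower()


def is_url_in_portal_safe(url, portal_host=PORTAL_HOST):
    """Stricter check: a URL that carries a scheme must be written as
    scheme://host, and the host must be the portal's own host."""
    parts = urlparse(url)
    if parts.scheme:
        # 'https:example.org' has a scheme but no '//' after it: malformed, reject.
        if not url.lower().startswith(parts.scheme.lower() + "://"):
            return False
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return (parts.hostname or "").lower() == portal_host.lower()
    # No scheme, but a scheme-relative '//other.example' still names a host.
    if parts.netloc:
        return (parts.hostname or "").lower() == portal_host.lower()
    # Plain path such as '/dashboard': stays within the portal.
    return True


# Constructed Apache-style access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Aug/2021:10:00:00 +0000] "GET /login?came_from=/dashboard HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Aug/2021:10:00:01 +0000] "GET /login?came_from=https:attacker.example HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Aug/2021:10:00:02 +0000] "GET /login?came_from=https://portal.example/news HTTP/1.1" 302 0',
]

# Extract the request target from a common-log-format line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def find_suspicious_redirects(log_lines, portal_host=PORTAL_HOST, params=("came_from",)):
    """Return (parameter, value) pairs whose redirect target the naive check
    would accept but the strict check rejects: the malformed-URL pattern
    an administrator reviewing logs for this issue would want to see."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlparse(match.group(1)).query)
        for name in params:
            for value in query.get(name, []):
                if is_url_in_portal_naive(value, portal_host) and not is_url_in_portal_safe(value, portal_host):
                    hits.append((name, value))
    return hits


if __name__ == "__main__":
    for target in ("https:example.org", "https://portal.example/foo", "/relative", "//example.org"):
        print(target, "naive:", is_url_in_portal_naive(target), "safe:", is_url_in_portal_safe(target))
    print("flagged:", find_suspicious_redirects(SAMPLE_LOG))
```

The strict check compares the parsed hostname, so a port in the target is ignored; tighten that if the portal is served on a non-default port. Real Plone deployments also receive redirect targets through other parameters and POST bodies, so the log scan above is a starting pattern rather than complete coverage.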

Site administrators should also review their logs for redirect targets whose scheme is not followed by '//' (for example 'https:example.org'), as such patterns may indicate attempts to exploit this vulnerability.

References

  1. JVN#50804280: http://jvn.jp/en/jp/JVN50804280/index.html
  2. Fix Commit: https://github.com/plone/Products.isurlinportal/commit/d4fd34990d18adf05a10dc5e2bb4b066798280ba
  3. GitHub Security Advisory: https://github.com/plone/Products.isurlinportal/security/advisories/GHSA-q3m9-9fj2-mfwr

Industry Exposure (most to least)
This section ranks industries by how often this CVE has been observed in customer reports, from most to least affected. Organizations in these sectors can use it to gauge their relative exposure compared to peers and to prioritize patching and remediation. For this CVE, every listed industry currently shows low exposure.

  1. Accommodation & Food Services: Low
  2. Administrative, Support, Waste Management & Remediation Services: Low
  3. Agriculture, Forestry, Fishing & Hunting: Low
  4. Arts, Entertainment & Recreation: Low
  5. Construction: Low
  6. Educational Services: Low
  7. Finance and Insurance: Low
  8. Health Care & Social Assistance: Low
  9. Information: Low
  10. Management of Companies & Enterprises: Low
  11. Manufacturing: Low
  12. Mining: Low
  13. Other Services (except Public Administration): Low
  14. Professional, Scientific, & Technical Services: Low
  15. Public Administration: Low
  16. Real Estate Rental & Leasing: Low
  17. Retail Trade: Low
  18. Transportation & Warehousing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
