NVD: CVE-2022-4496
Published: Jan 30, 2023, 21:15 (web.nvd.nist.gov)
Tags: saml sso, wordpress, open redirect, cve-2022-4496

CVSS v3.1 base score: 6.1 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

EPSS score: 0.001 (Low), percentile 27.2%

The SAML SSO Standard WordPress plugin (versions from 16.0.0 before 16.0.8), the SAML SSO Premium WordPress plugin (versions from 12.0.0 before 12.1.0) and the SAML SSO Premium Multisite WordPress plugin (versions from 20.0.0 before 20.0.7) do not validate that the redirect parameter passed to their SSO login endpoint points to an internal site URL. When the user is already logged in, the endpoint redirects to whatever the parameter says, making the plugins vulnerable to an open redirect: an attacker who gets an authenticated user to follow a crafted link to the SSO login endpoint can send that user to an arbitrary external site. This is why the CVSS vector records User Interaction: Required and Scope: Changed (the impact lands on the destination the victim is redirected to, not on the vulnerable site itself).
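As an added example (not the plugin's code, and not part of the NVD entry), the check the description says is missing: a redirect target is accepted only when it resolves to the site's own origin, and anything else falls back to the site root. The site URL, the two request handlers and the sample redirect values are constructed for illustration. In a real WordPress plugin the comparison base would come from the site's home_url() and the response would go through wp_safe_redirect(), which applies an allowed-host check of its own; the point here is the origin comparison and the parser edge cases it has to survive.

```python
"""Added example: confining the `redirect` parameter of an SSO login endpoint
to the site's own origin (the validation CVE-2022-4496 describes as missing).
Not the plugin's code; the site URL and handlers below are constructed."""
from urllib.parse import urljoin, urlsplit

# Constructed site URL. In WordPress this would come from home_url().
SITE_URL = "https://wordpress.example.com/"


def resolve_internal(target, site_url=SITE_URL):
    """Return the absolute URL for `target` if it stays on the site's origin
    (same scheme, host and port), otherwise None."""
    if not isinstance(target, str) or not target:
        return None
    # Browsers treat backslashes as slashes and tolerate control characters
    # and spaces; Python's parser does not. Reject anything the two could
    # disagree on rather than guess ("/\\evil.example" is "//evil.example"
    # to a browser).
    if any(ord(c) < 0x21 or c == "\\" for c in target):
        return None
    try:
        site = urlsplit(site_url)
        # Relative targets ("/wp-admin/") resolve against the site; absolute
        # and protocol-relative ones ("//evil.example/") keep their own
        # authority, which is exactly what the comparison below catches.
        resolved = urlsplit(urljoin(site_url, target))
    except ValueError:
        return None
    # netloc includes userinfo and port, so "site@evil.example" and an
    # explicit ":8443" both fail. A different scheme (http downgrade,
    # javascript:) fails too. Conservative by design.
    if resolved.scheme != site.scheme:
        return None
    if resolved.netloc.lower() != site.netloc.lower():
        return None
    return resolved.geturl()


def safe_redirect_target(target, default=SITE_URL):
    """Drop-in for an unvalidated redirect value: off-site targets become
    `default` instead of being honoured."""
    return resolve_internal(target) or default


def sso_login_vulnerable(params, logged_in):
    """Model of the vulnerable behaviour: an already-authenticated user is
    sent wherever `redirect` says, off-site included. Returns (status, location)."""
    if logged_in:
        return (302, params.get("redirect", SITE_URL))
    return (200, "render IdP login")


def sso_login_hardened(params, logged_in):
    """Same flow with the redirect confined to the site."""
    if logged_in:
        return (302, safe_redirect_target(params.get("redirect")))
    return (200, "render IdP login")


if __name__ == "__main__":
    crafted = {"redirect": "https://evil.example/"}
    print("vulnerable:", sso_login_vulnerable(crafted, logged_in=True))
    print("hardened:  ", sso_login_hardened(crafted, logged_in=True))
```

The comparison is deliberately strict: a scheme downgrade to http, an explicit default port and any backslash are all rejected even though some of them would be harmless, because the failure mode of accepting one bad encoding is a working open redirect while the failure mode of rejecting a good one is a trip to the site root.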

Affected configurations (NVD)

miniorange saml_sp_single_sign_on, premium edition for wordpress: versions from 12.0.0 (inclusive) before 12.1.0 (exclusive)
OR miniorange saml_sp_single_sign_on, standard edition for wordpress: versions from 16.0.0 (inclusive) before 16.0.8 (exclusive)
OR miniorange saml_sp_single_sign_on, multisite edition for wordpress: versions from 20.0.0 (inclusive) before 20.0.7 (exclusive)
