CVE-2023-46750
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in shiro-web (Maven)

URL Redirection to Untrusted Site ('Open Redirect') No known exploit

What is CVE-2023-46750 About?

This vulnerability in Apache Shiro, when using 'form' authentication, allows for URL Redirection to Untrusted Sites. Attackers can leverage this to redirect users to malicious domains, facilitating phishing or other social engineering attacks. Exploitation relies on specific authentication configurations and is moderately complex.

Affected Software

  • org.apache.shiro:shiro-web
    • <1.13.0
    • >2.0.0-alpha-1, <2.0.0-alpha-4

Technical Details

The vulnerability is an 'Open Redirect' flaw in Apache Shiro when configured to use 'form' authentication. In this scenario, Shiro may inadequately validate or sanitize the 'redirect' parameter or similar URL components after a successful authentication or during certain authentication flows. An attacker can craft a malicious URL containing an untrusted external domain as the redirect target. When a user authenticates or is processed by the form authentication mechanism, Shiro inadvertently redirects them to this attacker-controlled site instead of the legitimate intended destination.
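The defensive counterpart to the flaw described above is a strict allow-list on any redirect target before it is honoured. The following is an added example written for this page, not Apache Shiro's own code or its fix: a validator that accepts only site-relative paths or absolute http(s) URLs on a trusted host, and otherwise falls back to a fixed landing page. The trusted host `app.example.com`, the default `/home`, and all sample inputs are constructed for illustration.

```python
"""Added example (not Apache Shiro code): allow-list validation of a
post-login redirect target, the control that closes an open redirect."""
from typing import Optional
from urllib.parse import urlsplit

# Constructed values for the example; a real deployment would use its own
# canonical host names and landing page.
TRUSTED_HOSTS = {"app.example.com"}
DEFAULT_LANDING = "/home"


def safe_redirect_target(candidate: Optional[str],
                         trusted_hosts=TRUSTED_HOSTS,
                         default: str = DEFAULT_LANDING) -> str:
    """Return a redirect target that stays on this site, else `default`.

    Accepted:
      * site-relative paths beginning with a single '/'
      * absolute http(s) URLs whose host is in `trusted_hosts`
    Rejected (fall back to default): other schemes such as javascript:,
    protocol-relative '//host' URLs, userinfo tricks like
    'https://trusted@evil', backslashes and control characters.
    """
    if not candidate:
        return default
    candidate = candidate.strip()
    # Backslashes and control characters are normalised differently by
    # browsers and defeat naive "starts with '/'" checks; reject outright.
    if "\\" in candidate or any(ord(ch) < 0x20 for ch in candidate):
        return default

    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Purely relative reference: require a leading '/' so it resolves
        # against this site. '//host' never reaches here because urlsplit
        # assigns it a netloc.
        return candidate if candidate.startswith("/") else default

    if parts.scheme not in ("http", "https"):
        return default
    if parts.username or parts.password:
        # 'https://app.example.com@evil.example/' has hostname evil.example;
        # refusing userinfo avoids relying on that parsing subtlety.
        return default
    if (parts.hostname or "").lower() not in trusted_hosts:
        return default
    return candidate


if __name__ == "__main__":
    # Constructed sample redirect parameters as they might arrive on a
    # login form; each is printed with the target the application would
    # actually use.
    samples = [
        "/dashboard",
        "//evil.example/phish",
        "https://evil.example/",
        "https://app.example.com/account",
        "javascript:alert(1)",
        "https://app.example.com@evil.example/",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)}")
```

The fallback-to-default choice matters: logging and surfacing rejected targets (rather than silently redirecting) also gives the SOC a signal that someone is probing the login flow with crafted links.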

What is the Impact of CVE-2023-46750?

Successful exploitation may allow attackers to redirect users to arbitrary untrusted websites, leading to phishing attacks, credential theft, or malware distribution.

What is the Exploitability of CVE-2023-46750?

Exploitation complexity is moderate, as it specifically requires the use of 'form' authentication in Apache Shiro. No authentication is typically required by the attacker to craft and distribute the malicious URL, but the user being targeted would need to interact with the application's authentication flow. The attack is remote, relying on the user clicking a crafted link. Special conditions include the 'form' authentication being active. The primary risk factor is that users might be tricked into visiting a malicious site, making social engineering a key component of successful exploitation.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2023-46750?

Available Upgrade Options

  • org.apache.shiro:shiro-web
    • <1.13.0 → Upgrade to 1.13.0
  • org.apache.shiro:shiro-web
    • >2.0.0-alpha-1, <2.0.0-alpha-4 → Upgrade to 2.0.0-alpha-4

Additional Resources

What are Similar Vulnerabilities to CVE-2023-46750?

Similar Vulnerabilities: CVE-2023-44487, CVE-2023-38827, CVE-2023-34033, CVE-2022-44372, CVE-2021-43818