CVE-2023-41699

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html", "name": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html", "tags": ["Release Notes"], "refsource": ""}, {"url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html", "name": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html", "tags": ["Release Notes"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.\n\n"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-601"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-41699", "ASSIGNER": "security@payara.fish"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2023-11-15T20:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.2023.11", "versionStartIncluding": "6.2023.1"}, {"cpe23Uri": "cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.1.2.191.46", "versionStartIncluding": "4.1.2.191"}, {"cpe23Uri": "cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.8.0", "versionStartIncluding": "6.0.0"}, {"cpe23Uri": "cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.57.0", "versionStartIncluding": "5.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-11-23T03:41Z"}