CVE-2023-6552 - Vulnerability Details - OpenCVE

Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Tasmoadmin	Tasmoadmin

Configuration 1 [-]

cpe:2.3:a:tasmoadmin:tasmoadmin:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.pl/en/posts/2024/01/CVE-2023-6552/
https://cert.pl/posts/2024/01/CVE-2023-6552/
https://github.com/TasmoAdmin/TasmoAdmin/pull/1039

History

Thu, 17 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-08T12:19:58.358Z

Updated: 2025-04-17T17:58:04.602Z

Reserved: 2023-12-06T12:37:34.641Z

Link: CVE-2023-6552

Vulnrichment

Updated: 2024-08-02T08:35:14.693Z

NVD

Status : Modified

Published: 2024-01-08T13:15:09.257

Modified: 2025-04-17T18:15:46.510

Link: CVE-2023-6552

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6552", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-12-06T12:37:34.641Z", "datePublished": "2024-01-08T12:19:58.358Z", "dateUpdated": "2025-04-17T17:58:04.602Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TasmoAdmin", "repo": "https://github.com/TasmoAdmin/TasmoAdmin", "vendor": "TasmoAdmin", "versions": [{"lessThan": "3.3.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Krzysztof Zaj\u0105c (CERT.PL)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.<br>"}], "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-08T12:19:58.358Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}], "source": {"discovery": "UNKNOWN"}, "title": "Open redirect in TasmoAdmin", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.693Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-01-09T20:12:33.934019Z", "id": "CVE-2023-6552", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:58:04.602Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6552", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-12-06T12:37:34.641Z", "datePublished": "2024-01-08T12:19:58.358Z", "dateUpdated": "2025-04-17T17:58:04.602Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TasmoAdmin", "repo": "https://github.com/TasmoAdmin/TasmoAdmin", "vendor": "TasmoAdmin", "versions": [{"lessThan": "3.3.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Krzysztof Zaj\u0105c (CERT.PL)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.<br>"}], "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-08T12:19:58.358Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}], "source": {"discovery": "UNKNOWN"}, "title": "Open redirect in TasmoAdmin", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.693Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-6552", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-09T20:12:33.934019Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:57:58.179Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tasmoadmin:tasmoadmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "35397843-FA5B-4258-8C48-14C6366FE292", "versionEndExcluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.\n"}, {"lang": "es", "value": "La falta de validaci\u00f3n del par\u00e1metro GET \"actual\" durante la acci\u00f3n de cambiar un idioma conduce a una vulnerabilidad de redireccionamiento abierto."}], "id": "CVE-2023-6552", "lastModified": "2025-04-17T18:15:46.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-08T13:15:09.257", "references": [{"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}, {"source": "cvd@cert.pl", "tags": ["Patch"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cvd@cert.pl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}