CVE-2023-6552 - Vulnerability Details - OpenCVE

Description

Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.

Published: 2024-01-08

Score: 6.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TasmoAdmin

TasmoAdmin

unaffected

Version	Status	Constraints
`0`	affected	< 3.3.0

Configuration 1 [-]

cpe:2.3:a:tasmoadmin:tasmoadmin:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00299.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://cert.pl/en/posts/2024/01/CVE-2023-6552/
https://cert.pl/posts/2024/01/CVE-2023-6552/
https://github.com/TasmoAdmin/TasmoAdmin/pull/1039

History

Thu, 17 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Tasmoadmin Tasmoadmin

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-08T12:19:58.358Z

Updated: 2025-04-17T17:58:04.602Z

Reserved: 2023-12-06T12:37:34.641Z

Link: CVE-2023-6552

Vulnrichment

Updated: 2024-08-02T08:35:14.693Z

NVD

Status : Modified

Published: 2024-01-08T13:15:09.257

Modified: 2025-04-17T18:15:46.510

Link: CVE-2023-6552

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-601

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6552", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-12-06T12:37:34.641Z", "datePublished": "2024-01-08T12:19:58.358Z", "dateUpdated": "2025-04-17T17:58:04.602Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TasmoAdmin", "repo": "https://github.com/TasmoAdmin/TasmoAdmin", "vendor": "TasmoAdmin", "versions": [{"lessThan": "3.3.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Krzysztof Zaj\u0105c (CERT.PL)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.<br>"}], "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-08T12:19:58.358Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}], "source": {"discovery": "UNKNOWN"}, "title": "Open redirect in TasmoAdmin", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.693Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-01-09T20:12:33.934019Z", "id": "CVE-2023-6552", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:58:04.602Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6552", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-12-06T12:37:34.641Z", "datePublished": "2024-01-08T12:19:58.358Z", "dateUpdated": "2025-04-17T17:58:04.602Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TasmoAdmin", "repo": "https://github.com/TasmoAdmin/TasmoAdmin", "vendor": "TasmoAdmin", "versions": [{"lessThan": "3.3.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Krzysztof Zaj\u0105c (CERT.PL)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.<br>"}], "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-08T12:19:58.358Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}], "source": {"discovery": "UNKNOWN"}, "title": "Open redirect in TasmoAdmin", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.693Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-6552", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-09T20:12:33.934019Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:57:58.179Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tasmoadmin:tasmoadmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "35397843-FA5B-4258-8C48-14C6366FE292", "versionEndExcluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lack of \"current\" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.\n"}, {"lang": "es", "value": "La falta de validaci\u00f3n del par\u00e1metro GET \"actual\" durante la acci\u00f3n de cambiar un idioma conduce a una vulnerabilidad de redireccionamiento abierto."}], "id": "CVE-2023-6552", "lastModified": "2025-04-17T18:15:46.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-08T13:15:09.257", "references": [{"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}, {"source": "cvd@cert.pl", "tags": ["Patch"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6552/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6552/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/TasmoAdmin/TasmoAdmin/pull/1039"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cvd@cert.pl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}