CVE-2023-28370

Summary

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

Affected Software

VendorProductVersion RangeStatus
tornadowebTornadoversions 6.3.1 and earlieraffected

Weaknesses

  • Open redirect

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References