CVE-2022-23599: n/a in n/a

Medium
Published: Fri Jan 28 2022 (01/28/2022, 22:00:15 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory.

AI-Powered Analysis

Last updated: 07/06/2025, 23:41:02 UTC

Technical Analysis

CVE-2022-23599 is a medium-severity vulnerability affecting Products.ATContentTypes, the core content types used in Plone versions 2.1 through 4.3. Plone is an open-source content management system widely used for building websites and intranets. The vulnerability is a reflected cross-site scripting (XSS) and open redirect issue in the image_view_fullscreen page. Specifically, if an attacker can poison a cache, such as a Varnish caching proxy, with a compromised version of this page, subsequent visitors who receive the cached page may be redirected to malicious sites when clicking on links within it. This attack vector is known as cache poisoning. The vulnerability primarily affects anonymous users, although the impact can vary depending on the user's cache settings. The root cause is improper sanitization of input parameters, leading to reflected XSS (CWE-79) and open redirect flaws. The issue was addressed in version 3.0.6 of Products.ATContentTypes, which is compatible with Plone 5.2 running on Python 2. As an interim mitigation, administrators are advised to configure caching layers to exclude the image_view_fullscreen page from being cached, so that poisoned content cannot be served to users. No known exploits have been reported in the wild to date. The CVSS v3.1 base score is 4.3 (medium), reflecting that the attack can be performed remotely without privileges but requires user interaction and results in limited confidentiality impact without affecting integrity or availability.

Potential Impact

For European organizations utilizing Plone CMS versions dependent on vulnerable Products.ATContentTypes (prior to 3.0.6), this vulnerability poses a risk of client-side attacks via reflected XSS and open redirects. Attackers could exploit cache poisoning to serve malicious content to website visitors, potentially leading to phishing, session hijacking, or redirection to malicious sites. While the direct impact on the server or backend systems is minimal, the reputational damage and loss of user trust can be significant, especially for public-facing websites of government agencies, educational institutions, and enterprises. Since anonymous users are primarily affected, organizations with high volumes of public traffic are at greater risk. The vulnerability does not compromise data integrity or availability but can lead to leakage of sensitive information through client-side attacks. The reliance on caching proxies like Varnish in European deployments increases the attack surface if cache configurations are not properly hardened. Given the medium severity and the availability of a patch, the impact is manageable but requires timely remediation to prevent exploitation.

Mitigation Recommendations

1. Upgrade Products.ATContentTypes to version 3.0.6 or later, which contains the fix for this vulnerability. Ensure that the Plone instance is compatible with this version, particularly if running Plone 5.2 on Python 2.
2. Configure caching layers such as Varnish or other reverse proxies to exclude the image_view_fullscreen page from being cached. This prevents cache poisoning attacks by ensuring that maliciously crafted pages are not stored and served to other users.
3. Implement strict Content Security Policy (CSP) headers to limit the impact of reflected XSS by restricting the sources of executable scripts and preventing inline script execution.
4. Conduct regular security audits and penetration testing focusing on cache configurations and input sanitization in Plone-based websites.
5. Educate administrators and developers about secure coding practices related to input validation and output encoding to prevent reflected XSS and open redirect vulnerabilities in future customizations.
6. Monitor web traffic and logs for unusual redirect patterns or cache anomalies that could indicate attempted exploitation.
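One way to apply the caching workaround from recommendation 2 in Varnish (an added example in Varnish 4.0+ VCL, not configuration from the advisory or the Plone project; the backend address and the URL pattern are assumptions to adapt to your deployment):

```vcl
vcl 4.0;

# Assumed backend: a Plone/Zope instance on the local host.
# Replace host and port with your own values.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Bypass the cache for every request to image_view_fullscreen,
    # whatever the content path in front of it or the query string
    # behind it. "pass" skips the cache lookup and the response is
    # not stored, so a crafted request cannot leave a poisoned copy.
    if (req.url ~ "/image_view_fullscreen") {
        return (pass);
    }
}

sub vcl_backend_response {
    # Defence in depth: if a later change to vcl_recv lets such a
    # request reach the cache path, mark the fetched object as
    # uncacheable so it is still delivered but never reused.
    if (bereq.url ~ "/image_view_fullscreen") {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;
        return (deliver);
    }
}
```

Varnish concatenates repeated definitions of the same subroutine, so these two blocks can be merged into an existing VCL file ahead of its own caching rules. To confirm the exclusion, request the page twice as an anonymous user and check that the `X-Varnish` response header carries a single transaction ID each time (a cache hit shows two).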

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-01-19T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d981ec4522896dcbdc065

Added to database: 5/21/2025, 9:08:46 AM

Last enriched: 7/6/2025, 11:41:02 PM

Last updated: 7/30/2025, 2:53:10 AM
