← back
CVE-2020-23015

CVE-2020-23015

EPSS 2.7%
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 2.7%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
03 May 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.
Affected products
n/a · n/a