CVE-2022-29718

Опубликовано: 02 июн. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

Ссылки

https://github.com/caddyserver/caddy/pull/4499
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP2VIUT5IKA3OKM6YWA5LTLJ2GTEIH7C/
https://github.com/caddyserver/caddy/pull/4499
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP2VIUT5IKA3OKM6YWA5LTLJ2GTEIH7C/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*

Версия от 2.4.0 (включая) до 2.5.0 (исключая)

EPSS

Процентиль: 24%

0.00079

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2022-29718

CVSS3: 6.1

debian

около 3 лет назад

Caddy v2.4 was discovered to contain an open redirect vulnerability. A ...

openSUSE-SU-2022:10007-1

suse-cvrf

около 3 лет назад

Security update for caddy

GHSA-2927-hv3p-f3vp

CVSS3: 6.1

github

около 3 лет назад

Open redirect in caddy

EPSS

Процентиль: 24%

0.00079

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601