exploitDog

CVE-2022-45169

Опубликовано: 21 фев. 2024

Источник: nvd

CVSS3: 5.4

CVSS3: 5.9

EPSS Низкий

Описание

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.

Ссылки

https://www.gruppotim.it/it/footer/red-team.html
Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*

Версия до 031 (включая)

EPSS

Процентиль: 5%

0.00021

Низкий

5.4 Medium

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-cjwx-wwmv-rqgc

CVSS3: 5.4

github

почти 2 года назад

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.

EPSS

Процентиль: 5%

0.00021

Низкий

5.4 Medium

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-601