Description
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
An open redirect flaw was found in Caddy. This issue may allow a malicious user to craft a link that redirects to any URL they choose.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-rhel8 | Not affected | | |
| OpenShift API for Data Protection | oadp/oadp-velero-plugin-for-aws-rhel9 | Not affected | | |
| OpenShift API for Data Protection | oadp/oadp-velero-plugin-for-gcp-rhel9 | Not affected | | |
| OpenShift API for Data Protection | oadp/oadp-velero-plugin-for-microsoft-azure-rhel8 | Not affected | | |
| OpenShift API for Data Protection | oadp/oadp-velero-restic-restore-helper-rhel8 | Not affected | | |
| OpenShift API for Data Protection | oadp/oadp-velero-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-multicluster-globalhub-agent-container | Not affected | | |
Additional information
Status: Moderate
Defect: CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=2167571
caddy: an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs
EPSS
Percentile: 95%
0.16987
Medium
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 6.1
ubuntu
about 3 years ago
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
CVSS3: 6.1
nvd
about 3 years ago
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
CVSS3: 6.1
debian
about 3 years ago
Caddy v2.4.6 was discovered to contain an open redirection vulnerabili ...