PT-2023-12957 · Caddy+1 · Caddy+1

Hunt2Behunter

Publicado

2022-05-12

Atualizado

2023-02-16

CVE-2022-28923

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Caddy version 2.4.6

Description The issue allows attackers to redirect users to phishing websites via crafted URLs due to improper request sanitization. A crafted URL can cause the static file handler to redirect to an attacker-chosen URL, enabling open redirect attacks.

Recommendations For Caddy version 2.4.6, update to a version that fixes the open redirection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

ALT-PU-2022-1850

CVE-2022-28923

GHSA-QPM3-VR34-H8W8

GO-2023-1567

Produtos afetados

Alt Linux

Caddy

PT-2023-12957 · Caddy+1 · Caddy+1

CVE-2022-28923

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13