PT-2022-13318 · Mozilla · Pollbot
Samprit Das +1 · Published 2022-02-16 · Updated 2025-03-19 · CVE-2022-0637
CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
pollbot versions prior to 1.4.6
Description
Pollbot contains an open redirect that affects URLs such as https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/. An attacker can exploit it to redirect users to malicious sites, which could then steal passwords or download ransomware to the victim's machine. The redirect is triggered by a URL such as https://pollbot.services.mozilla.com/%0a/evil.com/, in which both the /%0a/ segment and the trailing / are required.
Recommendations
For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the pollbot service to minimize the risk of exploitation. Avoid using the pollbot service with untrusted input until the issue is resolved.
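The check below is an added example, not pollbot's code or its 1.4.6 fix. It validates a redirect target the way a browser will read it, on the assumption that the decoded /%0a/ matters because browsers drop tab, LF and CR characters from URLs, so "/\n/evil.com/" is read as the protocol-relative "//evil.com/". The function names and the "/" fallback are hypothetical.

```python
from urllib.parse import unquote, urlsplit

# Tab, LF and CR are removed from anywhere in a URL by browser URL parsers.
_DROPPED = str.maketrans("", "", "\t\n\r")
# Leading/trailing C0 control characters and spaces are trimmed first.
_TRIMMED = "".join(chr(c) for c in range(0x21))


def browser_view(location: str) -> str:
    """Approximate how a browser normalises a Location header value."""
    seen = location.strip(_TRIMMED).translate(_DROPPED)
    # Browsers treat "\" like "/" in http(s) URLs, so "/\host" is "//host".
    return seen.replace("\\", "/")


def is_same_site_redirect(location: str) -> bool:
    """True only if the target resolves to a path on the current origin."""
    seen = browser_view(location)
    parts = urlsplit(seen)
    if parts.scheme or parts.netloc:
        return False  # absolute or protocol-relative URL: leaves the site
    return seen.startswith("/") and not seen.startswith("//")


def safe_redirect_target(raw_path: str, fallback: str = "/") -> str:
    """Return raw_path if it is safe both as sent and after percent-decoding.

    Checking the decoded form covers handlers that build the Location value
    from an already-decoded request path (an assumption about the server).
    """
    if is_same_site_redirect(raw_path) and is_same_site_redirect(unquote(raw_path)):
        return raw_path
    return fallback


if __name__ == "__main__":
    # Constructed inputs; the first is the path from the advisory's URL.
    for path in ["/%0a/evil.com/", "/%09/evil.com/", "/\\evil.com/", "/status/"]:
        print(f"{path!r:22} -> {safe_redirect_target(path)!r}")
```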
Exploit
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Pollbot