PT-2022-19796 · Caddy+1 · Caddy+1
Govulnbot · Published 2022-05-12 · Updated 2024-06-15 · CVE-2022-29718
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Caddy version v2.4
Description
The issue is an open redirect vulnerability. A remote, unauthenticated attacker may exploit it to redirect users to arbitrary web URLs by tricking victims into clicking crafted links.
Recommendations
For Caddy version v2.4, as a temporary workaround, consider restricting access to potentially vulnerable endpoints until a patch is available. Avoid using crafted links that may redirect users to arbitrary web URLs. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Caddy