PT-2022-22807 · Portswigger · Burp Suite
Published: 2022-07-08 · Updated: 2023-08-08 · CVE-2022-35406
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Burp Suite versions prior to 2022.6
Description
A URL disclosure issue was discovered. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect.
Recommendations
Update Burp Suite to version 2022.6 or later to resolve the issue. As a temporary workaround until the update is applied, avoid viewing crafted responses in the Repeater or Intruder, and restrict access to potentially malicious responses to minimize the risk of exploitation.
Fix
Open Redirect
Affected Products
Burp Suite