alpinelinux | Alpine Linux Development Team | ALPINE:CVE-2022-45169
History: Feb 21, 2024 - 4:15 p.m.

CVE-2022-45169

2024-02-21 16:15:49
Alpine Linux Development Team
security.alpinelinux.org
Tags: cve-2022-45169, untrusted site redirection, authentication bypass, push notification, clickable link

CVSS3: 5.4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 7.2
Confidence: Low

EPSS: 0
Percentile: 14.0%

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
