CVE-2022-45169

Type: cve
Source: mitre
Date: 2024-02-21 16:15:49 (history entry: Feb 21, 2024 - 4:15 p.m.)
CWE: CWE-601
Reference: web.nvd.nist.gov
Tags: vulnerability assessment, web security, arbitrary push notification, livebox collaboration vdesk, cve-2022-45169

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.4
Confidence: High

EPSS: 0
Percentile: 14.0%

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.

Affected configurations

Source: Nvd

Node: liveboxcloud vdesk, Range 031

Vendor | Product | Version | CPE
liveboxcloud | vdesk | * | cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*
