Dec 19, 2022 - 11:15 a.m.

CVE-2022-47500

2022-12-19 11:15:11
CWE-601
web.nvd.nist.gov
apache
helix
ui
open redirect
cve-2022-47500
security
vulnerability
apache software foundation

CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 49.2%

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all releases from 0.8.0 to 1.0.4.

Solution: the forward component was removed, since it was improperly designed for UI embedding.

Users should upgrade to 1.1.0 to fix this issue.

Affected configurations

Node: apache helix, Range: ≤1.0.4

CPE            Name          Operator  Version
apache:helix   apache helix  le        1.0.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Helix",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.0.4",
        "status": "affected",
        "version": "0.8.0",
        "versionType": "custom"
      }
    ]
  }
]
