CVE-2022-47500

2022-12-1911:15:11

CWE-601

[email protected]

web.nvd.nist.gov

apache

helix

open redirect

cve-2022-47500

security

vulnerability

apache software foundation

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

49.2%

JSON

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4.

Solution: removed the the forward component since it was improper designed for UI embedding.

User please upgrade to 1.1.0 to fix this issue.

Affected configurations

Vulners

NVD

Node

apachehelixRange≤1.0.4

CPENameOperatorVersion
apache:helixapache helixle1.0.4

CPE	Name	Operator	Version
apache:helix	apache helix	le	1.0.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Helix",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.0.4",
        "status": "affected",
        "version": "0.8.0",
        "versionType": "custom"
      }
    ]
  }
]