friendsofphp / OpenJS Foundation / FRIENDSOFPHP:RUDLOFF:ALLTUBE:CVE-2022-0692
History: Feb 20, 2022 - 1:28 p.m.

URL Redirection to Untrusted Site ('Open Redirect')

2022-02-20 13:28:57
OpenJS Foundation
github.com
url redirection
untrusted site
vulnerability
releases prior to 3.0.1
patches 3.0.1

CVSS2: 5.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 43.5%

Description

Impact

Releases prior to 3.0.1 are vulnerable to an open redirect vulnerability that allows an attacker to construct a URL that redirects to an arbitrary external domain.

Patches

3.0.1 contains a fix for this vulnerability. (The 1.x and 2.x releases are not maintained anymore.)

References

bc14b6e
https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/
https://nvd.nist.gov/vuln/detail/CVE-2022-0692

Affected configurations

Vulners

Node: rudloff alltube, Range: <3.0.1

Vendor | Product | Version | CPE
rudloff | alltube | * | cpe:2.3:a:rudloff:alltube:*:*:*:*:*:*:*:*
