Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-2927-HV3P-F3VP
HistoryJun 03, 2022 - 12:00 a.m.

Open redirect in caddy

2022-06-0300:00:29
CWE-601
GitHub Advisory Database
github.com
297
caddy v2.4
open redirect
vulnerability
remote attacker
unauthenticated
crafted links

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

46.5%

JSON

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

Affected configurations

Vulners
Node
caddyservercaddyRange<2.5.0
OR
caddyservercaddyRange<2.5.0
VendorProductVersionCPE
caddyservercaddy*cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*

Related

osv 6
openvas 2
cve 1
debiancve 1
fedora 1
nessus 1
nvd 1
veracode 1
cvelist 1
prion 1
suse 1
osv
osv
caddy-2.5.1-2.1 on GA media
2024-06-15 00:00:00
CGA-x6wv-g666-wr84
2024-06-06 12:29:56
CGA-294f-53cv-6w84
2024-06-06 12:18:10
openvas
openvas
Fedora: Security Advisory for caddy (FEDORA-2023-a258bed79b)
2023-03-11 00:00:00
openSUSE: Security Advisory for caddy (openSUSE-SU-2022:10007-1)
2024-03-04 00:00:00
cve
cve
CVE-2022-29718
2022-06-02 21:15:07
debiancve
debiancve
CVE-2022-29718
2022-06-02 21:15:07
fedora
fedora
[SECURITY] Fedora 36 Update: caddy-2.4.6-6.fc36
2023-03-10 01:38:33
nessus
nessus
Fedora 36 : caddy (2023-a258bed79b)
2023-03-09 00:00:00
nvd
nvd
CVE-2022-29718
2022-06-02 21:15:07
veracode
veracode
Open Redirect
2022-06-03 06:11:01
cvelist
cvelist
CVE-2022-29718
2022-06-02 00:00:00
prion
prion
Open redirect
2022-06-02 21:15:00
suse
suse
Security update for caddy (moderate)
2022-06-15 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

46.5%

JSON
Related for GHSA-2927-HV3P-F3VP
osv6openvas2cve1debiancve1fedora1nessus1nvd1veracode1cvelist1prion1suse1