Lucene search
ProjectDiscoveryNUCLEI:CVE-2022-40083HistoryOct 07, 2022 - 4:11 p.m.
Labstack Echo 4.8.0 - Open Redirect
2022-10-0716:11:42
ProjectDiscovery
github.com
5
cve
cve2022
redirect
labstack
vulnerability
open redirect
static handler
ssrf
data modification
unauthorized operations
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.3%
Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
id: CVE-2022-40083
info:
name: Labstack Echo 4.8.0 - Open Redirect
author: pdteam
severity: critical
description: |
Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
impact: |
Successful exploitation of this vulnerability could lead to phishing attacks, credential theft,.
remediation: Download and install 4.9.0, which contains a patch for this issue.
reference:
- https://github.com/labstack/echo/issues/2259
- https://nvd.nist.gov/vuln/detail/CVE-2022-40083
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Henry4E36/POCS
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
cvss-score: 9.6
cve-id: CVE-2022-40083
cwe-id: CWE-601
epss-score: 0.02362
epss-percentile: 0.89807
cpe: cpe:2.3:a:labstack:echo:4.8.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: labstack
product: echo
tags: cve,cve2022,redirect,labstack
http:
- method: GET
path:
- "{{BaseURL}}//interactsh.com%2f.."
matchers-condition: and
matchers:
- type: regex
part: location
regex:
- '^\s*//interactsh.com/\.\.'
- type: status
status:
- 301
# digest: 4b0a00483046022100c524864438d26d3d4ec6a9fcdaac0a17f02193253ace57360911457dc1e1e3a9022100cc37241f61c4ba472282c4bf699ea37914b87f71bd093f14bc47ffc5a182f16c:922c64590222798bb761d5b6d8e72950Related
osv
osv
Labstack Echo Open Redirect vulnerability
2022-09-29 00:00:26
CVE-2022-40083
2022-09-28 14:15:10
Open redirect in github.com/labstack/echo/v4
2022-10-11 21:29:24
prion
prion
Open redirect
2022-09-28 14:15:00
nvd
nvd
CVE-2022-40083
2022-09-28 14:15:10
cvelist
cvelist
CVE-2022-40083
2022-09-28 13:34:03
github
github
Labstack Echo Open Redirect vulnerability
2022-09-29 00:00:26
cnvd
cnvd
LabStack Echo Open Redirect Vulnerability
2022-09-30 00:00:00
debiancve
debiancve
CVE-2022-40083
2022-09-28 14:15:10
cve
cve
CVE-2022-40083
2022-09-28 14:15:10
ubuntucve
ubuntucve
CVE-2022-40083
2022-09-28 00:00:00
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-10-03 03:18:08
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.3%
Related for NUCLEI:CVE-2022-40083