Lucene search

Veracode Vulnerability DatabaseVERACODE:45350

HistoryFeb 06, 2024 - 6:06 a.m.

Open Redirect

2024-02-0606:06:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

caddyserver

open redirect

url sanitization

vulnerability

directorylisting

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.5%

JSON

github.com/caddyserver/caddy is vulnerable to Open Redirect. The vulnerability is caused by the SanitizedPathJoin and directoryListing functions due to improper URL sanitization, allowing an attacker to craft a malicious URL resulting in open redirect.

CPENameOperatorVersion
github.com/caddyserver/caddylev2.4.6
github.com/caddyserver/caddylev2.4.6

CPE	Name	Operator	Version
	github.com/caddyserver/caddy	le	v2.4.6
	github.com/caddyserver/caddy	le	v2.4.6

References

github.com/advisories/GHSA-qpm3-vr34-h8w8

github.com/caddyserver/caddy/commit/78b5356f2b1945a90de1ef7f2c7669d82098edbd

github.com/caddyserver/caddy/pull/4447

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.5%

JSON

Related for VERACODE:45350