ID

VAR-202302-0439


CVE

CVE-2022-28923


TITLE

Open redirect vulnerability in Caddy

Trust: 0.8

sources: JVNDB: JVNDB-2022-013033

DESCRIPTION

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. Caddy contains an open redirect vulnerability. Information may be obtained and tampered with.

Trust: 1.71

sources: NVD: CVE-2022-28923 // JVNDB: JVNDB-2022-013033 // VULMON: CVE-2022-28923

AFFECTED PRODUCTS

vendor: caddyserver // model: caddy // scope: eq // version: 2.4.6

Trust: 1.0

vendor: light code // model: caddy // scope: eq // version: 2.4.6

Trust: 0.8

vendor: light code // model: caddy // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-013033 // NVD: CVE-2022-28923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28923
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-28923
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-480
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-28923
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-28923
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-013033 // CNNVD: CNNVD-202302-480 // NVD: CVE-2022-28923

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.0

problemtype: Open redirect (CWE-601) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-013033 // NVD: CVE-2022-28923

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-480

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202302-480

PATCH

title: caddy // url: https://github.com/caddyserver/caddy

Trust: 0.8

title: Caddy Enter the fix for the verification error vulnerability // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=225386

Trust: 0.6

title: Red Hat: // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-28923

Trust: 0.1

title: - // url: https://github.com/Live-Hack-CVE/CVE-2022-28923

Trust: 0.1

sources: VULMON: CVE-2022-28923 // JVNDB: JVNDB-2022-013033 // CNNVD: CNNVD-202302-480

EXTERNAL IDS

db: NVD // id: CVE-2022-28923

Trust: 3.3

db: JVNDB // id: JVNDB-2022-013033

Trust: 0.8

db: CNNVD // id: CNNVD-202302-480

Trust: 0.6

db: VULMON // id: CVE-2022-28923

Trust: 0.1

sources: VULMON: CVE-2022-28923 // JVNDB: JVNDB-2022-013033 // CNNVD: CNNVD-202302-480 // NVD: CVE-2022-28923

REFERENCES

url:https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-28923

Trust: 1.4

url:https://access.redhat.com/security/cve/cve-2022-28923

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-28923/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2022-28923

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-28923 // JVNDB: JVNDB-2022-013033 // CNNVD: CNNVD-202302-480 // NVD: CVE-2022-28923

SOURCES

db: VULMON // id: CVE-2022-28923
db: JVNDB // id: JVNDB-2022-013033
db: CNNVD // id: CNNVD-202302-480
db: NVD // id: CVE-2022-28923

LAST UPDATE DATE

2024-08-14T14:37:04.220000+00:00


SOURCES UPDATE DATE

db: VULMON // id: CVE-2022-28923 // date: 2023-02-07T00:00:00
db: JVNDB // id: JVNDB-2022-013033 // date: 2023-09-05T05:55:00
db: CNNVD // id: CNNVD-202302-480 // date: 2023-02-15T00:00:00
db: NVD // id: CVE-2022-28923 // date: 2023-02-14T20:22:42.867

SOURCES RELEASE DATE

db: VULMON // id: CVE-2022-28923 // date: 2023-02-06T00:00:00
db: JVNDB // id: JVNDB-2022-013033 // date: 2023-09-05T00:00:00
db: CNNVD // id: CNNVD-202302-480 // date: 2023-02-06T00:00:00
db: NVD // id: CVE-2022-28923 // date: 2023-02-06T23:15:09.637