CVE: CVE-2022-28923 - CVE-Search

CVE Details for CVE: CVE-2022-28923

Summary

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

Timestamps
Last major update	14-02-2023 - 20:22
Published	06-02-2023 - 23:15
Last modified	14-02-2023 - 20:22

References

https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/

Vulnerable Configurations

cpe:2.3:a:caddyserver:caddy:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.6:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

CWE-601

CVSS

Base

None

Impact

Exploitability

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

CVSS3

Base

6.1

Impact

2.7

Exploitability

2.8

Access

Attack Complexity	Attack vector	Privileges Required	Scope	User Interaction
LOW	NETWORK	NONE	CHANGED	REQUIRED

Impact

Confidentiality	Integrity	Availability
LOW	LOW	NONE

VIA4 references

cvss3-vector via4

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N