CVE Details for CVE: CVE-2022-29718
Summary
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
| Timestamps | |
|---|---|
| Last major update | 12-06-2022 - 02:37 |
| Published | 02-06-2022 - 21:15 |
| Last modified | 12-06-2022 - 02:37 |
Vulnerable Configurations
-
cpe:2.3:a:caddyserver:caddy:2.4.0:-:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.0:-:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.0:beta1:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.0:beta2:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.2:*:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.3:*:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.4:*:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.5:*:*:*:*:*:*:*
-
cpe:2.3:a:caddyserver:caddy:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:caddyserver:caddy:2.4.6:*:*:*:*:*:*:*
CWE
CVSS
Base
5.8
Impact
4.9
Exploitability
8.6
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | MEDIUM | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | PARTIAL | NONE |
CVSS3
Base
6.1
Impact
2.7
Exploitability
2.8
Access
| Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
|---|---|---|---|---|
| LOW | NETWORK | NONE | CHANGED | REQUIRED |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| LOW | LOW | NONE |