CVE Details for CVE: CVE-2022-29718
Summary
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
Timestamps
Last major update 12-06-2022 - 02:37
Published 02-06-2022 - 21:15
Last modified 12-06-2022 - 02:37
Vulnerable Configurations
  • cpe:2.3:a:caddyserver:caddy:2.4.0:-:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:caddyserver:caddy:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:caddyserver:caddy:2.4.6:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
CVSS
Base
5.8
Impact
4.9
Exploitability
8.6
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
CVSS3
Base
6.1
Impact
2.7
Exploitability
2.8
Access
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW NETWORK NONE CHANGED REQUIRED
Impact
ConfidentialityIntegrityAvailability
LOW LOW NONE
VIA4 references
cvss-vector via4
AV:N/AC:M/Au:N/C:P/I:P/A:N
cvss3-vector via4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N