CVE-2022-0869
Published 2022-03-06
CVE-2022-0869: Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
Priority P3 · 36 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.62% (83.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nitely | nitely_spirit | >= unspecified < 0.12.3 | 0.12.3 |
| spirit-project | spirit | < 0.12.3 | 0.12.3 |
CVSS provenance
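| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |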
OSV
Open Redirect in django-spirit
osv·2022-03-07
CVE-2022-0869 [MEDIUM] Open Redirect in django-spirit
django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, the value of the next parameter is not checked when the user is logged in and is passed directly to redirect, which results in an open redirect. This also affects /user/logout, /user/register, /user/login, /user/resend-activation.
GHSA
Open Redirect in django-spirit
ghsa·2022-03-07
CVE-2022-0869 [MEDIUM] CWE-601 Open Redirect in django-spirit
django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, the value of the next parameter is not checked when the user is logged in and is passed directly to redirect, which results in an open redirect. This also affects /user/logout, /user/register, /user/login, /user/resend-activation.
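The missing check on next described in the OSV and GHSA entries above, sketched as an added example; this is not Spirit's code or its 0.12.3 patch. The names `ALLOWED_HOSTS`, `FALLBACK_URL`, `is_safe_next` and `resolve_next` are hypothetical, and the hostnames are constructed. Django itself ships a comparable helper, `url_has_allowed_host_and_scheme` in `django.utils.http`.

```python
from urllib.parse import urlsplit

# Constructed values for this example; not taken from Spirit's settings.
ALLOWED_HOSTS = frozenset({"forum.example.test"})
FALLBACK_URL = "/"


def is_safe_next(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` stays on this site."""
    if not target:
        return False
    # Browsers read "\" as "/" and drop control characters, so "/\host"
    # or a tab inside "//" can turn a path into another origin.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    # "///host" is parsed as a path here but as a host by some browsers.
    if target.startswith("///"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, ...
    if parts.scheme and not parts.netloc:
        return False  # "https:host" has a scheme but no host part
    if parts.netloc and parts.netloc.lower() not in allowed_hosts:
        return False  # absolute or protocol-relative URL to another host
    return True


def resolve_next(raw_next):
    """Pick the redirect target for a login/logout/register style view."""
    candidate = (raw_next or "").strip()
    return candidate if is_safe_next(candidate) else FALLBACK_URL
```

A view would pass the result of `resolve_next(request.GET.get("next"))` to redirect instead of the raw parameter, on every endpoint the advisory lists.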
No detection rules found.
Nuclei
nitely/spirit 0.12.3 - Open Redirect
nuclei·CVSS 6.1
CVE-2022-0869 [MEDIUM] nitely/spirit 0.12.3 - Open Redirect
Template:
```yaml
id: CVE-2022-0869

info:
  name: nitely/spirit 0.12.3 - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
  remediation: |
    Upgrade to a patched version of nitely/spirit to mitigate the open redirect vulnerability (CVE-2022-0869).
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0869
    - https://huntr.dev/bounties/ed335a88-f68c-4e4d-ac85-f29a51b03342
    - https://github.com/nitely/spirit/commit/8f32f89654d6c30d56e0dd167059d3
```
No writeups or analysis indexed.
2022-03-06
Published