CVE-2022-28923
Published 2023-02-06

CVE-2022-28923: Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

Priority: P3 · Severity: medium · CVSS 3.1 base score: 6.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N

Exploit: EPSS 1.43% (69.7th percentile)
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| caddyserver | caddy | — | — |
| caddyserver | caddy | >= 0 < 2.5.2-1 | 2.5.2-1 |
| caddyserver | caddy | >= 0 < 2.5.2-1 | 2.5.2-1 |
| debian | caddy | < caddy 2.5.2-1 (bookworm) | caddy 2.5.2-1 (bookworm) |
| github.com | caddyserver_caddy_v2 | >= 0 < 2.5.0-beta.1 | 2.5.0-beta.1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 6.1 | MEDIUM | — |
| vendor_redhat | — | 6.1 | MEDIUM | — |
OSV: Open redirect in github.com/caddyserver/caddy/v2 (osv · 2023-02-16)
Due to improper request sanitization, a crafted URL can cause the static file handler to redirect to an attacker-chosen URL, allowing for open redirect attacks.
GHSA: Open Redirect in Caddy (ghsa · 2023-02-07 · MEDIUM · CWE-601)
OSV: Open Redirect in Caddy (osv · 2023-02-07 · MEDIUM)
OSV: CVE-2022-28923: Caddy v2 (osv · 2023-02-06 · CVSS 6.1 · MEDIUM)
Red Hat: caddy: an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs (vendor_redhat · 2023-02-07 · CVSS 6.1 · MEDIUM · CWE-601)
An open redirect flaw was found in caddy. This issue may allow a malicious user to craft a link that redirects to any URL they choose.

Package status:
- rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8 (Migration Toolkit for Containers): Not affected
- rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8 (Migration Toolkit for Containers): Not affected
- rhmtc/openshift-migration-velero-restic-restore-helper-rhel8 (Migration Toolkit for Containers): Not affected
Package: rhmtc/openshift-mig
Debian: CVE-2022-28923: caddy (vendor_debian · 2022 · CVSS 6.1 · MEDIUM)
Scope: local
- bookworm: resolved (fixed in 2.5.2-1)
- sid: resolved (fixed in 2.5.2-1)
- trixie: resolved (fixed in 2.5.2-1)
No detection rules found.
Nuclei: Caddy 2.4.6 - Open Redirect (nuclei · CVSS 6.1 · MEDIUM)
Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

Template:

```yaml
id: CVE-2022-28923
info:
  name: Caddy 2.4.6 - Open Redirect
  author: Sascha Brendel,DhiyaneshDk
  severity: medium
  description: |
    Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability could lead to phishing attacks, credential theft.
  remediation: |
    Upgrade Caddy to version 2.4.7 or later to mitigate the vulnerability.
```
r
No writeups or analysis indexed.
Published: 2023-02-06