CVE-2022-29718Open Redirect in Caddyserver Caddy

CWE-601Open Redirect5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 48.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Caddyserver CaddyGithub.com Caddyserver Caddy V2Caddyserver Caddy
Timeline
PublishedJun 2
Latest updateJun 3

Description

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDcaddyserver/caddy2.4.02.5.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
Open redirect in caddy2022-06-03
GHSA
Open redirect in caddy2022-06-03
CVEList
CVE-2022-29718: Caddy v22022-06-02

📋Vendor Advisories

1
Debian
CVE-2022-29718: caddy - Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote un...2022
CVE-2022-29718 — Open Redirect in Caddyserver Caddy | cvebase