CVE-2022-47500
Published 2022-12-19
CVE-2022-47500: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all…
Priority: P425 (medium)
CVSS 3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.05% (60.1th percentile)
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Apache Software Foundation Apache Helix UI component. This issue affects all Apache Helix releases from 0.8.0 to 1.0.4.
Solution: the forward component was removed, since it was improperly designed for UI embedding.
Users should upgrade to 1.1.0 to fix this issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | helix | 0.8.0 – 1.0.4 | — |
| apache_software_foundation | apache_helix | 0.8.0 – 1.0.4 | — |
GHSA
Apache Helix UI vulnerable to Open Redirect
ghsa·2022-12-19
CVE-2022-47500 [MEDIUM] CWE-601 Apache Helix UI vulnerable to Open Redirect
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Apache Software Foundation Apache Helix UI component. This issue affects all Apache Helix releases from 0.8.0 up to and including 1.0.4. Solution: the forward component was removed, since it was improperly designed for UI embedding. Users should upgrade to 1.1.0 to fix this issue.
OSV
Apache Helix UI vulnerable to Open Redirect
osv·2022-12-19
CVE-2022-47500 [MEDIUM] Apache Helix UI vulnerable to Open Redirect
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-12-19